Nomisec Exploits

22,670 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-26136 NOMISEC MEDIUM
Tough-Cookie <4.1.3 - Prototype Pollution
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
by morrisel
CVSS 6.5
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by SkyGodling
CVSS 8.1
CVE-2024-27348 NOMISEC CRITICAL
Apache HugeGraph-Server - Remote Command Execution
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
by p0et08
CVSS 9.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by RogelioPumajulca
CVSS 7.8
CVE-2018-15473 NOMISEC MEDIUM
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by OmarV4066
1 stars
CVSS 5.3
CVE-2014-4210 NOMISEC
Oracle WebLogic Server <10.3.6.0 - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
by ZorvithonLeo
2 stars
CVE-2024-36837 NOMISEC HIGH
CRMEB 5.2.2 - SQL Injection via ProductController.php getProductList Function
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
by phtcloud-dev
4 stars
CVSS 7.5
CVE-2024-23443 NOMISEC MEDIUM
Kibana 7.0.0-7.17.22 - Authenticated Denial of Service via Malicious Osquery Pack Upload
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
by zhazhalove
1 stars
CVSS 4.9
CVE-2025-23369 NOMISEC HIGH
GitHub Enterprise Server < 3.12.14 - Improper Verification of Cryptographic Signature
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.
by Arian91
CVSS 8.8
CVE-2024-6244 NOMISEC HIGH
PZ Frontend Manager < 1.0.6 - Cross-Site Request Forgery
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
by Nxploited
CVSS 8.8
CVE-2025-23369 NOMISEC HIGH
GitHub Enterprise Server < 3.12.14 - Improper Verification of Cryptographic Signature
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.
by hakivvi
38 stars
CVSS 8.8
CVE-2017-14980 NOMISEC CRITICAL
Flexense Syncbreeze - Memory Corruption
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
by xn0kkx
CVSS 9.8
CVE-2025-1015 NOMISEC MEDIUM
Thunderbird 128.0.1-128.6.9, 128.7-128.*, >=135 - Stored Cross-Site Scripting via Address Book URI Field Import
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.
by r3m0t3nu11
3 stars
CVSS 5.4
CVE-2024-54916 NOMISEC MEDIUM
Telegram Android APK <11.7.0 - Privilege Escalation
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method.
by SAHALLL
CVSS 6.8
CVE-2024-43425 NOMISEC HIGH
Moodle Remote Code Execution (CVE-2024-43425)
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
by Snizi
2 stars
CVSS 8.1
CVE-2024-57373 NOMISEC HIGH
LifestyleStore 1.0 - Cross-Site Request Forgery
Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise.
by cypherdavy
3 stars
CVSS 8.1
CVE-2024-39713 NOMISEC HIGH
Rocket.Chat < 6.10.1 - Server-Side Request Forgery via Twilio Webhook Endpoint
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
by typical-pashochek
5 stars
CVSS 8.6
CVE-2024-55215 NOMISEC CRITICAL
jrohy/trojan 2.0.0-2.15.3 - Unauthenticated Privilege Escalation via Initialization Interface
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.
by ainrm
1 stars
CVSS 9.8
CVE-2022-30190 NOMISEC HIGH
Microsoft Office Word MSDTJS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
by Potato-9257
CVSS 7.8
CVE-2024-35106 NOMISEC MEDIUM
NEXTU FLETA AX1500 WIFI6 v1.0.3 - Buffer Overflow
NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.
by laskdjlaskdj12
CVSS 4.6
CVE-2017-5638 NOMISEC CRITICAL
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by Xernary
CVSS 9.8
CVE-2024-34102 NOMISEC CRITICAL
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
by wubinworks
1 stars
CVSS 9.8
CVE-2022-45460 NOMISEC CRITICAL
Xiongmai NBD6808T-PL and MBD6304T Firmware - Unauthenticated Remote Code Execution via URI Buffer Overflow
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.
by born0monday
5 stars
CVSS 9.8
CVE-2024-6624 NOMISEC CRITICAL
JSON API User <3.9.3 - Privilege Escalation
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.
by Jenderal92
1 stars
CVSS 9.8
CVE-2019-20085 NOMISEC HIGH
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by 0hmsec
CVSS 7.5