Nomisec Exploits

22,670 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-48589 NOMISEC MEDIUM
phpABook 0.9 - Cross-Site Scripting via rol Parameter
Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execute arbitrary code via the rol parameter in index.php
by Exek1el
CVSS 6.3
CVE-2022-24086 NOMISEC CRITICAL
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - RCE
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
by wubinworks
CVSS 9.8
CVE-2024-38143 NOMISEC MEDIUM
Windows WLAN AutoConfig Service - Privilege Escalation
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
by redr0nin
24 stars
CVSS 4.2
CVE-2023-49070 NOMISEC CRITICAL
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
by UserConnecting
4 stars
CVSS 9.8
CVE-2023-49031 NOMISEC MEDIUM
Tikit eMarketing <6.8.3.0 - Path Traversal
Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint.
by Yoshik0xF6
CVSS 5.1
CVE-2023-26136 NOMISEC MEDIUM
Tough-Cookie <4.1.3 - Prototype Pollution
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
by dani33339
CVSS 6.5
CVE-2024-7954 NOMISEC CRITICAL
SPIP porte_plume - Unauthenticated PHP Code Execution
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
by Arthikw3b
CVSS 9.8
CVE-2023-41425 NOMISEC MEDIUM
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
by KGorbakon
CVSS 6.1
CVE-2024-10924 NOMISEC CRITICAL
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
by cy3erdr4g0n
CVSS 9.8
CVE-2024-24919 NOMISEC HIGH
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
by hashdr1ft
1 stars
CVSS 8.6
CVE-2024-56889 NOMISEC HIGH
CodeAstro Complaint Mgt <1.0 - Privilege Escalation
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
by vigneshr232
CVSS 7.5
CVE-2022-40684 NOMISEC CRITICAL
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
by XalfiE
1 stars
CVSS 9.8
CVE-2024-47875 NOMISEC CRITICAL
DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
by daikinitanda
CVSS 10.0
CVE-2023-2245 NOMISEC MEDIUM
hansunCMS 1.4.3 - Unrestricted File Upload via /ueditor/net/controller.ashx
A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability.
by tpdlshdmlrkfmcla
CVSS 6.3
CVE-2024-55040 NOMISEC MEDIUM
Sensaphone WEB600 Firmware < 1.6.5.H - Cross-Site Scripting via @.xml GET Parameters
Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.
by tcbutler320
1 stars
CVSS 6.1
CVE-2024-2961 NOMISEC HIGH
GNU C Library <2.39 - Buffer Overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
by suce0155
4 stars
CVSS 7.3
CVE-2024-57610 NOMISEC HIGH
Sylius v2.0.2 - Unrestricted Brute-Force Attack via Missing Rate Limiting
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intended to address brute-force attacks; instead, customers deploying a Sylius-based system are supposed to use "firewalls, rate-limiting middleware, or authentication providers" for that functionality.
by Mr-UN533N
CVSS 7.5
CVE-2024-57610 NOMISEC HIGH
Sylius v2.0.2 - Unrestricted Brute-Force Attack via Missing Rate Limiting
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intended to address brute-force attacks; instead, customers deploying a Sylius-based system are supposed to use "firewalls, rate-limiting middleware, or authentication providers" for that functionality.
by str4ng3r-0x7
CVSS 7.5
CVE-2024-57609 NOMISEC HIGH
Kanaries Inc Pygwalker <0.4.9.9 - RCE
An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function.
by Mr-UN533N
CVSS 8.6
CVE-2024-57609 NOMISEC HIGH
Kanaries Inc Pygwalker <0.4.9.9 - RCE
An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function.
by str4ng3r-0x7
CVSS 8.6
CVE-2025-25062 NOMISEC MEDIUM
Backdrop CMS <1.28.5, <1.29.3 - XSS
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module.
by rhburt
2 stars
CVSS 4.4
CVE-2024-57430 NOMISEC CRITICAL
PHPJabbers Cinema Booking System 2.0 - SQL Injection via pjActionGetUser Column Parameter
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
by ahrixia
CVSS 9.8
CVE-2024-57429 NOMISEC MEDIUM
PHPJabbers Cinema Booking System 2.0 - Cross-Site Request Forgery in pjActionUpdate
A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.
by ahrixia
CVSS 5.4
CVE-2024-57428 NOMISEC CRITICAL
PHPJabbers Cinema Booking System v2.0 - Stored Cross-Site Scripting via File Upload and Seat Configuration Fields
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.
by ahrixia
CVSS 9.3
CVE-2024-57427 NOMISEC MEDIUM
PHPJabbers Cinema Booking System 2.0 - Reflected Cross-Site Scripting
PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.
by ahrixia
CVSS 6.1