Nomisec Exploits

22,675 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-6460 NOMISEC CRITICAL
Grow by Tradedoubler <2.0.21 - Code Injection
The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
by Nxploited
CVSS 9.8
CVE-2024-43451 NOMISEC MEDIUM
NTLM Hash Disclosure Spoofing - Info Disclosure
NTLM Hash Disclosure Spoofing Vulnerability
by RonF98
15 stars
CVSS 6.5
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by Mephierr
1 stars
CVSS 7.8
CVE-2024-41570 NOMISEC CRITICAL
Havoc 0.7 - Unauthenticated Server-Side Request Forgery via Demon Callback
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
by sebr-dev
8 stars
CVSS 9.8
CVE-2024-12084 NOMISEC CRITICAL
rsync - Heap-based Buffer Overflow via Checksum Length Handling
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
by themirze
4 stars
CVSS 9.8
CVE-2024-49138 NOMISEC HIGH
Windows Common Log File System Driver - Elevation of Privilege via Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by bananoname
CVSS 7.8
CVE-2024-2876 NOMISEC CRITICAL
Wordpress Email Subscribers by Icegram Express - SQL Injection
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by chsxthwik
2 stars
CVSS 9.8
CVE-2025-21298 NOMISEC CRITICAL
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008-2012 - Remote Code Execution via OLE Use-After-Free
Windows OLE Remote Code Execution Vulnerability
by ynwarcs
195 stars
CVSS 9.8
CVE-2021-1732 NOMISEC HIGH
Windows 10 1803-20H2 and Windows Server 1909-20H2 - Elevation of Privilege via Win32k ConsoleControl Offset Confusion
Windows Win32k Elevation of Privilege Vulnerability
by Sausageinforest
CVSS 7.8
CVE-2024-43998 NOMISEC MEDIUM
WebsiteinWP Blogpoet <= 1.0.3 - Missing Authorization
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
by Nxploited
CVSS 6.5
CVE-2024-13184 NOMISEC HIGH
WP Extended <3.0.12 - SQL Injection
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-54880 NOMISEC CRITICAL
SeaCMS V13.1 - Privilege Escalation
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.
by ailenye
CVSS 9.1
CVE-2024-54239 NOMISEC CRITICAL
dugudlabs Eyewear <4.0.18 - Privilege Escalation
Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.18.
by RandomRobbieBF
CVSS 9.8
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by kinu404
4 stars
CVSS 8.1
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by ZacharyZcR
CVSS 10.0
CVE-2024-54879 NOMISEC CRITICAL
SeaCMS V13.1 - Privilege Escalation
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
by ailenye
CVSS 9.1
CVE-2024-41570 NOMISEC CRITICAL
Havoc 0.7 - Unauthenticated Server-Side Request Forgery via Demon Callback
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
by HimmeL-Byte
16 stars
CVSS 9.8
CVE-2023-41425 NOMISEC MEDIUM
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
by Diegomjx
1 stars
CVSS 6.1
CVE-2024-9796 NOMISEC CRITICAL
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
by viniciuslazzari
1 stars
CVSS 9.8
CVE-2025-0282 NOMISEC CRITICAL
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
by Hexastrike
5 stars
CVSS 9.0
CVE-2024-21887 NOMISEC CRITICAL
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
by Hexastrike
5 stars
CVSS 9.1
CVE-2023-46805 NOMISEC HIGH
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
by Hexastrike
5 stars
CVSS 8.2
CVE-2024-23724 NOMISEC CRITICAL
Ghost < 5.76.0 - Stored Cross-Site Scripting via SVG Profile Picture
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
by Youssefdds
CVSS 9.0
CVE-2024-57522 NOMISEC MEDIUM
SourceCodester Packers and Movers Management System 1.0 - Stored Cross-Site Scripting in Users.php
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
by HackWidMaddy
1 stars
CVSS 6.4
CVE-2024-55504 NOMISEC MEDIUM
RAR Extractor - Unarchiver Free and Pro <6.4.0 - Code Injection
An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS.
by SyFi
CVSS 5.5