Nomisec Exploits

22,684 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-12542 NOMISEC HIGH
linkID WordPress <0.1.2 - Info Disclosure
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
by RandomRobbieBF
CVSS 8.6
CVE-2023-2645 NOMISEC CRITICAL
USR USR-G806 1.0.41 - Hard-Coded Password
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by xymbiot-solution
CVSS 9.8
CVE-2017-11165 NOMISEC CRITICAL
dataTaker DT80 dEX 1.50.012 - Unauthenticated Sensitive Information Exposure via config.xml Request
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
by xymbiot-solution
CVSS 9.8
CVE-2024-3400 NOMISEC CRITICAL
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
by GhassanSabir
CVSS 10.0
CVE-2022-28108 NOMISEC HIGH
Selenium Grid < 4.0.0 - Cross-Site Request Forgery via Non-JSON Content Types
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
by ZeroEthical
CVSS 8.8
CVE-2024-56064 NOMISEC CRITICAL
Azzaroco WP SuperBackup <2.3.3 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
by RandomRobbieBF
1 stars
CVSS 10.0
CVE-2024-56067 NOMISEC HIGH
Azzaroco WP SuperBackup <2.3.3 - Info Disclosure
Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
by RandomRobbieBF
CVSS 7.5
CVE-2024-51818 NOMISEC CRITICAL
Fancy Product Designer <6.4.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.
by RandomRobbieBF
CVSS 9.3
CVE-2015-9251 NOMISEC MEDIUM
jQuery < 3.0.0 - Cross-Site Scripting via Cross-Domain Ajax Request
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
by hackgiver
2 stars
CVSS 6.1
CVE-2021-41805 NOMISEC HIGH
HashiCorp Consul Enterprise < 1.8.17, 1.9.x < 1.9.11, 1.10.x < 1.10.4 - Incorrect Access Control via Namespace ACL Token
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
by acfirthh
CVSS 8.8
CVE-2024-50603 NOMISEC CRITICAL
Aviatrix Controller < 7.1.4191 and 7.2.x < 7.2.4996 - Unauthenticated Remote Code Execution via cloud_type Parameter
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
by newlinesec
7 stars
CVSS 10.0
CVE-2023-21768 NOMISEC HIGH
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by IlanDudnik
1 stars
CVSS 7.8
CVE-2024-4577 NOMISEC CRITICAL
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
by Dejavu666
CVSS 9.8
CVE-2024-11613 NOMISEC CRITICAL
WordPress File Upload <4.24.15 - RCE
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
by Sachinart
4 stars
CVSS 9.8
CVE-2024-56433 NOMISEC LOW
shadow-utils 4.4-4.17.0 - Privilege Escalation
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
by JonnyWhatshisface
CVSS 3.6
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by mithunmadhukuttan
CVSS 7.8
CVE-2024-9047 NOMISEC CRITICAL
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal via wfu_file_downloader.php
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
by verylazytech
7 stars
CVSS 9.8
CVE-2024-11423 NOMISEC HIGH
The Ultimate Gift Cards for WooCommerce <3.0.6 - Info Disclosure
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
by RandomRobbieBF
2 stars
CVSS 7.5
CVE-2024-12849 NOMISEC HIGH
Error Log Viewer By WP Guru <1.0.1.3 - Info Disclosure
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
by Nxploited
CVSS 7.5
CVE-2023-2825 NOMISEC CRITICAL
GitLab Authenticated File Read
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
by alej6
CVSS 10.0
CVE-2018-16763 NOMISEC CRITICAL
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
by altsun
CVSS 9.8
CVE-2025-22510 NOMISEC HIGH
WC Price History for Omnibus <2.1.4 - Code Injection
Deserialization of Untrusted Data vulnerability in kkarpieszuk WC Price History for Omnibus wc-price-history allows Object Injection.This issue affects WC Price History for Omnibus: from n/a through <= 2.1.4.
by DoTTak
CVSS 7.2
CVE-2022-29078 NOMISEC CRITICAL
ejs 3.1.6 - Server-Side Template Injection via outputFunctionName Option
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
by chuckdu21
CVSS 9.8
CVE-2024-54292 NOMISEC CRITICAL
Appsplate <= 2.1.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection.This issue affects Appsplate: from n/a through <= 2.1.3.
by RandomRobbieBF
CVSS 9.3
CVE-2024-34102 NOMISEC CRITICAL
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
by mksundaram69
CVSS 9.8