Nomisec Exploits

22,684 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-49113 NOMISEC HIGH
Windows LDAP - Denial of Service via Out-of-bounds Read
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
by barcrange
10 stars
CVSS 7.5
CVE-2017-8056 NOMISEC MEDIUM
WatchGuard Fireware < 11.2.1 - Denial of Service via XML External Entity Injection
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox.
by itzexploit
CVSS 5.3
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by Marouane133
1 stars
CVSS 9.8
CVE-2025-22912 NOMISEC CRITICAL
Edimax RE11S v1.11 - OS Command Injection via formAccept Component
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
by passwa11
CVSS 9.8
CVE-2024-50945 NOMISEC HIGH
SimplCommerce - Improper Access Control
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.
by AbdullahAlmutawa
CVSS 7.5
CVE-2024-53476 NOMISEC MEDIUM
SimplCommerce - Race Condition in Inventory Tracking
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.
by AbdullahAlmutawa
CVSS 5.9
CVE-2024-50944 NOMISEC CRITICAL
SimplCommerce - Integer Overflow in CartController AddToCart Quantity Parameter
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.
by AbdullahAlmutawa
CVSS 9.8
CVE-2024-49113 NOMISEC HIGH
Windows LDAP - Denial of Service via Out-of-bounds Read
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
by SafeBreach-Labs
516 stars
CVSS 7.5
CVE-2024-38856 NOMISEC CRITICAL
Apache OFBiz forgotPassword/ProgramExport RCE
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
by FakesiteSecurity
1 stars
CVSS 9.8
CVE-2024-54363 NOMISEC CRITICAL
nssTheme Wp NssUser Register <1.0.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0.
by RandomRobbieBF
CVSS 9.8
CVE-2024-49112 NOMISEC CRITICAL
Windows LDAP - Remote Code Execution via Integer Overflow
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
by CCIEVoice2009
3 stars
CVSS 9.8
CVE-2024-54385 NOMISEC HIGH
SoftLab Radio Player <2.0.82 - SSRF
Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83.
by RandomRobbieBF
CVSS 7.2
CVE-2024-55978 NOMISEC CRITICAL
WalletStation.com Code Generator Pro - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation Code Generator Pro code-generator-pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through <= 1.2.
by RandomRobbieBF
CVSS 9.3
CVE-2024-9680 NOMISEC CRITICAL
Firefox < 131.0.2 and ESR < 128.3.1 and ESR < 115.16.1 - Use-After-Free in Animation Timelines
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
by PraiseImafidon
1 stars
CVSS 9.8
CVE-2024-55980 NOMISEC CRITICAL
Webriderz Wr Age Verification <2.0.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robindkumar Wr Age Verification wr-age-verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through <= 2.0.0.
by RandomRobbieBF
CVSS 9.3
CVE-2024-54330 NOMISEC HIGH
Hurrakify <= 2.4 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through <= 2.4.
by RandomRobbieBF
CVSS 7.2
CVE-2024-38816 NOMISEC HIGH
Spring WebMvc.fn and WebFlux.fn - Path Traversal via Static Resource Handling
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use * the application runs on Tomcat or Jetty
by wdragondragon
CVSS 7.5
CVE-2024-53522 NOMISEC HIGH
Bangkok Medical Software HOSxP XE <4.64.11.3 - Info Disclosure
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
by Safecloudth
3 stars
CVSS 7.5
CVE-2024-10400 NOMISEC HIGH
Tutor LMS < 2.7.6 - Unauthenticated SQL Injection via Rating Filter Parameter
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by k0ns0l
4 stars
CVSS 7.5
CVE-2023-47668 NOMISEC MEDIUM
StellarWP Membership Plugin - Restrict Content <= 3.2.7 - Exposure of Sensitive Information via Log File
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.
by Nxploited
CVSS 5.3
CVE-2024-9593 NOMISEC HIGH
Time Clock and Time Clock Pro <= 1.2.2 - Unauthenticated Remote Code Execution via etimeclockwp_load_function_callback
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
by Nxploited
1 stars
CVSS 8.3
CVE-2023-38829 NOMISEC HIGH
NETIS SYSTEMS WF2409E <3.6.42541 - RCE
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
by Victorique-123
1 stars
CVSS 8.8
CVE-2023-21537 NOMISEC HIGH
Microsoft MSMQ - Privilege Escalation
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
by stevenjoezhang
1 stars
CVSS 7.8
CVE-2024-7135 NOMISEC MEDIUM
Tainacan <= 0.21.7 - Authenticated Arbitrary File Read via Missing Authorization in get_file Function
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
by Nxploited
CVSS 6.5
CVE-2024-51442 NOMISEC HIGH
Minidlna <v1.3.3 - Command Injection
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
by mselbrede
CVSS 8.8