Nomisec Exploits

22,687 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-38408 NOMISEC CRITICAL
OpenSSH < 9.3p2 - Remote Code Execution via PKCS#11 Untrusted Search Path
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
by wxrdnx
CVSS 9.8
CVE-2022-32981 NOMISEC HIGH
Linux kernel <5.18.3 - Buffer Overflow
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
by SpiralBL0CK
CVSS 7.8
CVE-2024-7954 NOMISEC CRITICAL
SPIP porte_plume - Unauthenticated PHP Code Execution
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
by zxj-hub
CVSS 9.8
CVE-2022-1329 NOMISEC HIGH
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
by AgustinESI
CVSS 8.8
CVE-2024-53677 NOMISEC CRITICAL
Apache Struts 2.0.0-6.3.9 - Path Traversal and Remote Code Execution via File Upload
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067
by TAM-K592
94 stars
CVSS 9.8
CVE-2024-40348 NOMISEC HIGH
bazarr < 1.4.3 - Unauthenticated Path Traversal via /api/swaggerui/static
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
by NingXin2002
CVSS 8.2
CVE-2024-42845 NOMISEC HIGH
InVesalius <3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
by partywavesec
3 stars
CVSS 8.0
CVE-2024-0132 NOMISEC CRITICAL
NVIDIA Container Toolkit < 1.16.2 - Time-of-check Time-of-use Race Condition
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
by r0binak
6 stars
CVSS 9.0
CVE-2024-41319 NOMISEC CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
by NingXin2002
2 stars
CVSS 9.8
CVE-2024-27956 NOMISEC CRITICAL
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
by 7aRanchi
CVSS 9.9
CVE-2024-50379 NOMISEC CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - RCE via TOCTOU Race Condition in JSP Compilation
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
by JFOZ1010
2 stars
CVSS 9.8
CVE-2024-35176 NOMISEC MEDIUM
REXML < 3.2.7 - Denial of Service via Malformed XML Attribute
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
by SpiralBL0CK
5 stars
CVSS 5.3
CVE-2024-39908 NOMISEC MEDIUM
REXML < 3.3.2 - Denial of Service via Malformed XML Parsing
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
by SpiralBL0CK
CVSS 4.3
CVE-2024-48990 NOMISEC HIGH
Ubuntu needrestart Privilege Escalation
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
by NullByte-7w7
1 stars
CVSS 7.8
CVE-2024-54378 NOMISEC HIGH
Quietly Quietly Insights <1.2.2 - Privilege Escalation
Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2.
by RandomRobbieBF
CVSS 8.8
CVE-2024-54379 NOMISEC HIGH
Blokhaus Minterpress <1.0.5 - Privilege Escalation
Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5.
by RandomRobbieBF
CVSS 8.8
CVE-2024-10793 NOMISEC HIGH
WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via user_id Parameter
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.
by MAHajian
2 stars
CVSS 7.2
CVE-2024-54369 NOMISEC CRITICAL
ThemeHunk Zita Site Builder <1.0.2 - Info Disclosure
Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2.
by RandomRobbieBF
CVSS 9.1
CVE-2024-54262 NOMISEC CRITICAL
Siddharth Nagar Import Export For WooCommerce <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.
by RandomRobbieBF
CVSS 9.9
CVE-2024-12025 NOMISEC HIGH
Collapsing Categories <3.0.8 - SQL Injection
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
2 stars
CVSS 7.5
CVE-2024-9935 NOMISEC HIGH
PDF Generator Addon - Path Traversal
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
by verylazytech
7 stars
CVSS 7.5
CVE-2024-53376 NOMISEC HIGH
CyberPanel < 2.3.8 - Authenticated OS Command Injection via phpSelection Parameter
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
by ThottySploity
5 stars
CVSS 8.8
CVE-2024-53375 NOMISEC HIGH
TP-Link Archer Router Series - Authenticated Remote Code Execution via HomeShield tmp_get_sites Function
An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.
by ThottySploity
16 stars
CVSS 8.0
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by MasterCode112
1 stars
CVSS 9.8
CVE-2023-7028 NOMISEC CRITICAL
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by yoryio
CVSS 10.0