Nomisec Exploits
22,697 exploits tracked across all sources.
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
by h3athen
CVSS 6.1
Spring WebFlux - Authorization Bypass via Static Resource Handling
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true:
* It must be a WebFlux application
* It must be using Spring's static resources support
* It must have a non-permitAll authorization rule applied to the static resources support
by mouadk
Qualitor < 8.20 - Remote Code Execution via processVariavel.php gridValoresPopHidden Parameter
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
by OpenXP-Research
CVSS 9.8
Qualitor v8.24 - Remote Code Execution via gridValoresPopHidden Parameter
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.
by OpenXP-Research
Qualitor 8.24 viewValidacao.php - Server-Side Request Forgery
Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.
by OpenXP-Research
CVSS 7.5
WP Automatic <3.92.0 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
by chsxthwik
Windows 10/11, Server 2012-2022 - Sensitive Info Exposure via Theme Spoofing
Windows Themes Spoofing Vulnerability
by sxyrxyy
online diagnostic lab management system using php 1.0 - Cross-Site Scripting via Test Name Parameter
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component.
by BLACK-SCORP10
NetAdmin 4.030319 - Info Disclosure
Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a user with greater privileges having access to the functionalities of the user that the code was copied.
by BrotherOfJhonny
CVSS 8.1
Ruckus Wireless Unleashed < 200.7.10.202.94 - Remote Code Execution via mac Attribute in admin/_cmdstat.jsp
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
by bdunlap9
CVSS 9.8
Windows ALPC - Privilege Escalation
Windows ALPC Elevation of Privilege Vulnerability
by SpiralBL0CK
WP Automatic <3.92.0 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
by gh-ost00
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
by sar-3mar
CVSS 8.6
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by cc3305
CVSS 9.8
Blood Bank Management System 1.0 - Cross-Site Request Forgery in Profile Update Endpoint
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by bevennyamande
CVSS 4.3
SUSE Rancher < 2.5.16 - Authenticated Cleartext Storage of Sensitive Information via Kubernetes API
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
by fe-ax
CVSS 9.9
Python < 3.6.13 - XML External Entity Injection in plistlib Module
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
by Einstein2150
Tenda AC8V4.0-V16.03.34.06 - Buffer Overflow
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.
by dhammerg
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by skentagon
CVSS 9.8
Openvswitch kernel module - Memory Corruption
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
by devetop
CVSS 7.8
FUXA 1.1.13 - Remote Code Execution via /api/runscript Endpoint
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
by rodolfomarianocy
Blood Bank Management System 1.0 - Cross-Site Request Forgery via /file/delete.php bid Parameter
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.
by bevennyamande
CVSS 4.3
All-in-One WP Migration & Backup <7.86 - Code Injection
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above, to create an export file with the .php extension on the affected site's server, adding an arbitrary PHP code to it, which may make remote code execution possible.
by d0n601
Fortinet FortiOS/FortiProxy/FortiPAM/FortiSwitchManager Format String Vulnerability via Crafted Packets
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
by p33d
phpMyAdmin 5.1.0-5.1.1 - Cross-Site Scripting in Setup Script
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
by dipakpanchal05
By Source