Nomisec Exploits

22,706 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-35914 NOMISEC CRITICAL
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
by btar1gan
CVSS 9.8
CVE-2014-0160 NOMISEC HIGH
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
by yashfren
CVSS 7.5
CVE-2019-9978 NOMISEC MEDIUM
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
by MAHajian
CVSS 6.1
CVE-2019-14322 NOMISEC HIGH
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
by sergiovks
CVSS 7.5
CVE-2024-0762 NOMISEC HIGH
Phoenix SecureCore - Buffer Overflow
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
by tadash10
CVSS 7.5
CVE-2024-38816 NOMISEC HIGH
Spring WebMvc.fn and WebFlux.fn - Path Traversal via Static Resource Handling
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use * the application runs on Tomcat or Jetty
by startsw1th
3 stars
CVSS 7.5
CVE-2024-42642 NOMISEC MEDIUM
Micron Crucial MX500 Series - Buffer Overflow
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.
by VL4DR
14 stars
CVSS 6.7
CVE-2024-1874 NOMISEC CRITICAL
PHP <8.1.28, 8.2.*<8.2.18, 8.3.*<8.3.5 - Command Injection
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
by MrBongoC
2 stars
CVSS 9.4
CVE-2024-1874 NOMISEC CRITICAL
PHP <8.1.28, 8.2.*<8.2.18, 8.3.*<8.3.5 - Command Injection
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
by Tgcohce
2 stars
CVSS 9.4
CVE-2022-47130 NOMISEC MEDIUM
Academy LMS < 5.10 - Authenticated Cross-Site Request Forgery via Discount Coupon Creation
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
by OpenXP-Research
CVSS 4.3
CVE-2022-47131 NOMISEC MEDIUM
Academy LMS < 5.10 - Cross-Site Request Forgery via Page Creation
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
by OpenXP-Research
CVSS 4.8
CVE-2022-47132 NOMISEC HIGH
Academy LMS < 5.10 - Cross-Site Request Forgery to Add Administrator
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
by OpenXP-Research
CVSS 8.8
CVE-2021-43650 NOMISEC CRITICAL
WebRun 3.6.0.42 - SQL Injection via P_0 Parameter
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.
by OpenXP-Research
CVSS 9.8
CVE-2022-2546 NOMISEC MEDIUM
All-in-One WP Migration <7.63 - XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key
by OpenXP-Research
CVSS 4.7
CVE-2023-47253 NOMISEC CRITICAL
Qualitor < 8.20 - Remote Code Execution via processVariavel.php gridValoresPopHidden Parameter
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
by gmh5225
CVSS 9.8
CVE-2023-1177 NOMISEC CRITICAL
MLflow < 2.2.1 - Path Traversal via Backslash Sequence
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
by charlesgargasson
CVSS 9.3
CVE-2024-46256 NOMISEC CRITICAL
NginxProxyManager 2.11.3 - Remote Code Execution via Let's Encrypt Certificate Request
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
by barttran2k
6 stars
CVSS 9.8
CVE-2024-8522 NOMISEC CRITICAL
LearnPress - WordPress LMS Plugin <4.2.7 - SQL Injection
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by Avento
2 stars
CVSS 10.0
CVE-2024-8752 NOMISEC HIGH
WebIQ 2.15.9 - Path Traversal
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.
by D3anSPGDMS
CVSS 7.5
CVE-2022-23131 NOMISEC CRITICAL
Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
by fork-bombed
4 stars
CVSS 9.1
CVE-2024-45383 NOMISEC MEDIUM
Microsoft High Definition Audio Bus Driver 10.0.19041.3636 - DoS
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.
by SpiralBL0CK
3 stars
CVSS 5.0
CVE-2024-39081 NOMISEC MEDIUM
SMART TYRE CAR & BIKE <4.2.0 - SSRF
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.
by Amirasaiyad
CVSS 4.2
CVE-2024-32651 NOMISEC CRITICAL
changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
by s0ck3t-s3c
4 stars
CVSS 10.0
CVE-2023-6275 NOMISEC LOW
TOTVS Fluig 1.6.x-1.8.1 - Cross-Site Scripting via mobileredir openApp.jsp redirectUrl Parameter
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104.
by erickfernandox
1 stars
CVSS 3.5
CVE-2024-34831 NOMISEC MEDIUM
Gibbon Core 26.0.00 - Stored Cross-Site Scripting via imageLink Parameter
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.
by enzored
CVSS 6.1