Nomisec Exploits

22,706 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-6592 NOMISEC CRITICAL
WatchGuard Authentication Gateway and Single Sign-On Client - Authentication Bypass via Protocol Communication
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
by RedTeamPentesting
3 stars
CVSS 9.1
CVE-2024-21978 NOMISEC MEDIUM
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.d - Unauthenticated Memory Read/Write via SEV-SNP Input Validation
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
by Freax13
9 stars
CVSS 6.0
CVE-2024-2876 NOMISEC CRITICAL
Wordpress Email Subscribers by Icegram Express - SQL Injection
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by 0xAgun
2 stars
CVSS 9.8
CVE-2024-43160 NOMISEC CRITICAL
BerqWP < 1.7.6 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.
by KTN1990
1 stars
CVSS 10.0
CVE-2018-0834 NOMISEC HIGH
ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by SpiralBL0CK
5 stars
CVSS 7.5
CVE-2024-7965 NOMISEC HIGH
Google Chrome < 128.0.6613.84 - Remote Code Execution via V8 Heap Corruption
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by bi-zone
48 stars
CVSS 8.8
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by Saboor-Hakimi
CVSS 7.8
CVE-2020-9484 NOMISEC HIGH
Apache Tomcat < 7.0.108 - Insecure Deserialization
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
by 0dayCTF
24 stars
CVSS 7.0
CVE-2022-26809 NOMISEC CRITICAL
Microsoft Windows RPC Runtime - Remote Code Execution
Remote Procedure Call Runtime Remote Code Execution Vulnerability
by corelight
33 stars
CVSS 9.8
CVE-2024-8190 NOMISEC HIGH
Ivanti Cloud Services Appliance <4.6.518 - Command Injection
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
by horizon3ai
17 stars
CVSS 7.2
CVE-2024-44000 NOMISEC CRITICAL
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Authentication Bypass via Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
by ifqygazhar
3 stars
CVSS 9.8
CVE-2023-28324 NOMISEC CRITICAL
Ivanti Endpoint Manager < 2022 - Privilege Escalation or Remote Code Execution
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
by horizon3ai
20 stars
CVSS 9.8
CVE-2021-3493 NOMISEC HIGH
2021 Ubuntu Overlayfs LPE
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
by fathallah17
CVSS 8.8
CVE-2016-10924 NOMISEC HIGH
zedna_ebook_download < 1.2 - Path Traversal
The ebook-download plugin before 1.2 for WordPress has directory traversal.
by LGenAgul
CVSS 7.5
CVE-2024-6782 NOMISEC CRITICAL
Calibre 6.9.0-7.14.0 - Unauthenticated RCE
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.
by 0xB0y426
1 stars
CVSS 9.8
CVE-2024-8504 NOMISEC HIGH
VICIdial Agent Interface - Authenticated Root Command Execution
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
by Chocapikk
41 stars
CVSS 8.8
CVE-2024-40711 NOMISEC CRITICAL
Veeam Backup & Replication 12.0.0.1420 through 12.2.0.334 - Deserialization RCE
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
by watchtowrlabs
55 stars
CVSS 9.8
CVE-2023-0297 NOMISEC CRITICAL
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
by btar1gan
CVSS 9.8
CVE-2024-27564 NOMISEC MEDIUM
ChatGPT个人专用版 - Server Side Request Forgery
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
by chsxthwik
13 stars
CVSS 5.8
CVE-2024-1071 NOMISEC CRITICAL
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by dogucyber
2 stars
CVSS 9.8
CVE-2024-27564 NOMISEC MEDIUM
ChatGPT个人专用版 - Server Side Request Forgery
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
by chaudhrymuhammadtayab
CVSS 5.8
CVE-2024-29847 NOMISEC CRITICAL
Ivanti EPM <2022 SU6-2024 September - Code Injection
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
by sinsinology
18 stars
CVSS 9.8
CVE-2024-38127 NOMISEC HIGH
Windows Hyper-V - Privilege Escalation
Windows Hyper-V Elevation of Privilege Vulnerability
by pwndorei
6 stars
CVSS 7.8
CVE-2021-38304 NOMISEC HIGH
NI-PAL <20.0.0 - Privilege Escalation
Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.
by philsajdak
CVSS 7.8
CVE-2023-4966 NOMISEC CRITICAL
Citrix NetScaler ADC/Gateway 12.1-55.300/13.0-92.19 Info Disclosure
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.
by LucasOneZ
CVSS 9.4