Nomisec Exploits

22,710 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-21768 NOMISEC HIGH
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by xboxoneresearch
14 stars
CVSS 7.8
CVE-2019-10149 NOMISEC CRITICAL
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by qlusec
CVSS 9.8
CVE-2023-30800 NOMISEC HIGH
MikroTik RouterOS 6.0-6.49.9 - Unauthenticated Denial of Service via HTTP Request
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
by diemaxxing
1 stars
CVSS 7.5
CVE-2024-44000 NOMISEC CRITICAL
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Authentication Bypass via Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
by gbrsh
CVSS 9.8
CVE-2024-44450 NOMISEC MEDIUM
AIMS eCrew - Authorization Bypass Through User-Controlled Key
Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190.
by NaunetEU
CVSS 5.4
CVE-2024-32002 NOMISEC CRITICAL
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
by AD-Appledog
CVSS 9.0
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by D0rDa4aN919
2 stars
CVSS 7.8
CVE-2024-25503 NOMISEC MEDIUM
Advanced REST Client 17.0.9 - Cross-Site Scripting via New Project Edit Details Parameter
Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.
by EQSTLab
CVSS 4.7
CVE-2024-25291 NOMISEC CRITICAL
Deskfiler 1.2.3 - Remote Code Execution via Crafted Plugin Upload
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
by EQSTLab
CVSS 9.8
CVE-2024-23995 NOMISEC MEDIUM
Beekeeper Studio <= 4.1.13 - Cross-Site Scripting in Database Table Column Name
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.
by EQSTLab
CVSS 6.1
CVE-2024-22891 NOMISEC CRITICAL
nteract 0.28.0 - Remote Code Execution via Markdown Link
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.
by EQSTLab
CVSS 9.8
CVE-2024-25293 NOMISEC CRITICAL
mjml_app 3.0.4 and 3.1.0-beta - Remote Code Execution via Href Attribute
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
by EQSTLab
CVSS 9.3
CVE-2024-23998 NOMISEC CRITICAL
Another Redis Desktop Manager <= 1.6.1 - Cross-Site Scripting in Setting Component
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.
by EQSTLab
CVSS 9.6
CVE-2024-23997 NOMISEC CRITICAL
yana <= 1.0.16 - Cross-Site Scripting via src/electron-main.ts
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
by EQSTLab
CVSS 9.6
CVE-2024-44000 NOMISEC CRITICAL
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Authentication Bypass via Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
by absholi7ly
15 stars
CVSS 9.8
CVE-2024-30051 NOMISEC HIGH
Windows DWM Core Library - Privilege Escalation
Windows DWM Core Library Elevation of Privilege Vulnerability
by fortra
125 stars
CVSS 7.8
CVE-2024-38526 NOMISEC HIGH
pdoc < 14.5.1 - Dependency on Vulnerable Third-Party Component via polyfill.io CDN
pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.
by putget
CVSS 7.2
CVE-2024-34102 NOMISEC CRITICAL
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
by Chocapikk
48 stars
CVSS 9.8
CVE-2024-3177 NOMISEC LOW
Kubernetes < 1.27.13, 1.28.0-1.28.8, 1.29.0-1.29.3 - Policy Bypass via envFrom Field
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.
by Cgv-Dev
CVSS 2.7
CVE-2023-2728 NOMISEC MEDIUM
kubernetes <1.24.14, 1.27.0-1.27.2 - Policy Bypass via Ephemeral Container Mountable Secrets
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
by Cgv-Dev
CVSS 6.5
CVE-2021-4044 NOMISEC HIGH
OpenSSL 3.0.0 - Infinite Loop via Certificate Verification Error Handling
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
by phirojshah
CVSS 7.5
CVE-2024-45589 NOMISEC MEDIUM
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 - Denial of Service via Username Parameter
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.
by BenRogozinski
CVSS 5.9
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by faqihudin13
CVSS 7.8
CVE-2024-0507 NOMISEC MEDIUM
GitHub Enterprise Server - Privilege Escalation
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
by convisolabs
CVSS 6.5
CVE-2023-32315 NOMISEC HIGH
Openfire authentication bypass with RCE plugin
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
by bryanqb07
CVSS 8.6