Nomisec Exploits
21,798 exploits tracked across all sources.
MinIO - Info Disclosure
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.
by ifulxploit
CVSS 7.4
Cisco Sd-wan Vbond Orchestrator < 20.9 - Path Traversal
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
by mbadanoiu
CVSS 7.8
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by nico989
Apache Nifi < 1.21.0 - Insecure Deserialization
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.
The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.
You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
by mbadanoiu
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by duy-31
Sonicwall Sonicos < 7.0.1-5111 - Out-of-Bounds Write
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
by BishopFox
SonicOS - Buffer Overflow
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
by BishopFox
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
by uthrasri
CVSS 7.5
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
by Trinadh465
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by RandomRobbieBF
Apache Ofbiz <18.12.10 - RCE
Pre-auth RCE in Apache Ofbiz 18.12.09.
It's due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10
by yukselberkay
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by googlei1996
CVSS 10.0
XAML Diagnostics - Privilege Escalation
XAML Diagnostics Elevation of Privilege Vulnerability
by m417z
Ietf HTTP < 1.57.0 - Denial of Service
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
by ndrscodes
PMB 7.4.8 - RCE
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.
by Xn2
CVSS 7.2
LearnPress <4.2.5.7 - SQL Injection
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by mimiloveexe
CVSS 9.8
SNP firmware - Memory Corruption
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
by Freax13
Alinto Sogo < 5.9.1 - XSS
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
by E1tex
CVSS 6.1
jeecg-boot 3.5.0 - SQL Injection
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
by shad0w0sec
request-baskets <1.2.1 - SSRF
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by MasterCode112
Anyscale Ray - SSRF
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)
by 0x656565
Lfprojects Mlflow < 2.2.1 - Path Traversal
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
by hh-hunter
CVSS 9.3
Windows Common Log File System Driver - Privilege Escalation
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by RomanRybachek
SEV-SNP - Privilege Escalation
A privileged attacker
can prevent delivery of debug exceptions to SEV-SNP guests potentially
resulting in guests not receiving expected debug information.
by Freax13
Webmin < 1.920 - OS Command Injection
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by K3ysTr0K3R
By Source