Nomisec Exploits

22,766 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-37434 NOMISEC CRITICAL
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
by Trinadh465
CVSS 9.8
CVE-2024-21626 NOMISEC HIGH
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
by cdxiaodong
5 stars
CVSS 8.6
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by YongYe-Security
CVSS 9.8
CVE-2024-21626 NOMISEC HIGH
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
by skysbsb
CVSS 8.6
CVE-2024-20931 NOMISEC HIGH
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Unauthorized Data Access via T3/IIOP
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
by GlassyAmadeus
76 stars
CVSS 7.5
CVE-2023-41892 NOMISEC CRITICAL
Craft CMS unauthenticated Remote Code Execution (RCE)
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
by diegaccio
5 stars
CVSS 10.0
CVE-2024-21626 NOMISEC HIGH
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
by zpxlz
1 stars
CVSS 8.6
CVE-2023-32784 NOMISEC HIGH
KeePass 2.00-2.53 - Cleartext Master Password Exposure via Memory Dump
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
by mister-turtle
4 stars
CVSS 7.5
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by binganao
99 stars
CVSS 9.8
CVE-2023-36845 NOMISEC CRITICAL
Juniper Junos OS Multiple Versions - Unauthenticated Remote Code Execution via PHPRC
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by cyb3rzest
CVSS 9.8
CVE-2023-45779 NOMISEC HIGH
Android APEX Module Framework - Local Privilege Escalation via Improper Cryptographic Validation
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.
by metaredteam
103 stars
CVSS 7.8
CVE-2023-6036 NOMISEC CRITICAL
Web3 WordPress <3.0.0 - Auth Bypass
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
by pctripsesp
1 stars
CVSS 9.8
CVE-2023-29489 NOMISEC MEDIUM
cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
by mdaseem03
4 stars
CVSS 5.3
CVE-2023-5961 NOMISEC HIGH
Moxa ioLogik E1200 Series Firmware < 3.3 - Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
by HadessCS
1 stars
CVSS 8.8
CVE-2023-49950 NOMISEC MEDIUM
Logpoint SIEM 6.10.0-7.x < 7.3.0 - Stored Cross-Site Scripting via Jinja Template in Alert View
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.
by shrikeinfosec
CVSS 5.4
CVE-2021-30632 NOMISEC HIGH
Google Chrome <93.0.4577.82 - Heap Corruption
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by paulsery
CVSS 8.8
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by viszsec
5 stars
CVSS 9.8
CVE-2024-24142 NOMISEC CRITICAL
Sourcecodester School Task Manager 1.0 - SQL Injection via Subject Parameter
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
by BurakSevben
CVSS 9.8
CVE-2024-24141 NOMISEC CRITICAL
Sourcecodester School Task Manager App 1.0 - SQL Injection via Task Parameter
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
by BurakSevben
CVSS 9.8
CVE-2024-24139 NOMISEC HIGH
Login System with Email Verification 1.0 - SQL Injection via User Parameter
Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.
by BurakSevben
CVSS 7.2
CVE-2024-24136 NOMISEC MEDIUM
Sourcecodester Math Game with Leaderboard 1.0 - Stored Cross-Site Scripting via Your Name Field
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
by BurakSevben
CVSS 6.1
CVE-2024-24135 NOMISEC MEDIUM
Product Inventory with Export to Excel 1.0 - Stored Cross-Site Scripting in Product Name and Code
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.
by BurakSevben
CVSS 6.1
CVE-2024-24134 NOMISEC MEDIUM
Sourcecodester Online Food Menu 1.0 - Stored Cross-Site Scripting via Menu Name and Description Fields
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.
by BurakSevben
CVSS 4.8
CVE-2024-24140 NOMISEC HIGH
Daily Habit Tracker App 1.0 - SQL Injection via Tracker Parameter
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
by BurakSevben
CVSS 7.2
CVE-2023-36845 NOMISEC CRITICAL
Juniper Junos OS Multiple Versions - Unauthenticated Remote Code Execution via PHPRC
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by Asbawy
19 stars
CVSS 9.8