Nomisec Exploits

22,766 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-21887 NOMISEC MEDIUM
MySQL Server 8.0.0-8.0.31 - Authenticated Denial of Service in GIS Component
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
by zwxxb
2 stars
CVSS 4.9
CVE-2023-28588 NOMISEC HIGH
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
by uthrasri
CVSS 7.5
CVE-2024-22416 NOMISEC CRITICAL
pyload-ng < 0.5.0b3.dev78 - Unauthenticated Cross-Site Request Forgery via GET API Requests
pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.
by theorzr
CVSS 9.6
CVE-2024-22416 NOMISEC CRITICAL
pyload-ng < 0.5.0b3.dev78 - Unauthenticated Cross-Site Request Forgery via GET API Requests
pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.
by mindstorm38
CVSS 9.6
CVE-2023-33902 NOMISEC MEDIUM
Bluetooth Service - Info Disclosure
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
by uthrasri
CVSS 5.5
CVE-2023-28588 NOMISEC HIGH
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
by uthrasri
CVSS 7.5
CVE-2023-28588 NOMISEC HIGH
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
by uthrasri
CVSS 7.5
CVE-2024-22411 NOMISEC MEDIUM
Avo < 2.47.0 and 3.0.0.beta1-3.3.0 - Stored Cross-Site Scripting via Action Toast Notification
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0 releases of Avo. Users are advised to upgrade.
by tamaloa
CVSS 6.5
CVE-2023-46805 NOMISEC HIGH
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
by cbeek-r7
5 stars
CVSS 8.2
CVE-2022-28368 NOMISEC CRITICAL
dompdf < 1.2.1 - Remote Code Execution via CSS @font-face src:url
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
by rvzsec
16 stars
CVSS 9.8
CVE-2022-28368 NOMISEC CRITICAL
dompdf < 1.2.1 - Remote Code Execution via CSS @font-face src:url
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
by rvizx
16 stars
CVSS 9.8
CVE-2022-21907 NOMISEC CRITICAL
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
by kamal-marouane
1 stars
CVSS 9.8
CVE-2022-28346 NOMISEC CRITICAL
Django 2.2-2.2.27, 3.2-3.2.12, 4.0-4.0.3 - SQL Injection via QuerySet Column Alias Dictionary Expansion
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
by kamal-marouane
1 stars
CVSS 9.8
CVE-2023-46805 NOMISEC HIGH
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
by Chocapikk
12 stars
CVSS 8.2
CVE-2023-3460 NOMISEC CRITICAL
Ultimate Member <2.6.7 - Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
by julienbrs
CVSS 9.8
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by Sudistark
3 stars
CVSS 9.8
CVE-2023-7028 NOMISEC CRITICAL
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by Esonhugh
4 stars
CVSS 10.0
CVE-2023-35001 NOMISEC HIGH
Linux Kernel 3.13-4.14.322 - Out-of-bounds Write in nftables nft_byteorder
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
by mrbrelax
CVSS 7.8
CVE-2015-1986 NOMISEC
IBM Tivoli Storage Manager FastBack 6.1 - Remote Command Execution
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.
by MayaOfVeil
1 stars
CVE-2005-0575 NOMISEC
Stormy Studios Knet <= 1.04c - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
by MayaOfVeil
CVE-2016-8823 NOMISEC HIGH
NVIDIA Windows GPU Display Driver - DoS
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges
by SpiralBL0CK
1 stars
CVSS 7.8
CVE-2023-49339 NOMISEC MEDIUM
Ellucian Banner 9.17 - Info Disclosure
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.
by 3zizme
3 stars
CVSS 6.5
CVE-2021-1675 NOMISEC HIGH
Windows Print Spooler - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by peckre
CVSS 7.8
CVE-2024-22145 NOMISEC HIGH
InstaWP Connect <0.1.0.8 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
by RandomRobbieBF
4 stars
CVSS 8.8
CVE-2024-21887 NOMISEC CRITICAL
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
by duy-31
23 stars
CVSS 9.1