Nomisec Exploits

22,770 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-46474 NOMISEC HIGH
PMB 7.4.8 - Remote Code Execution via start_import.php File Upload
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.
by Xn2
CVSS 7.2
CVE-2023-6567 NOMISEC CRITICAL
LearnPress <4.2.5.7 - SQL Injection
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by mimiloveexe
CVSS 9.8
CVE-2024-21980 NOMISEC HIGH
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.d - Memory Corruption via SNP Firmware Write Operations
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
by Freax13
8 stars
CVSS 7.9
CVE-2023-48104 NOMISEC MEDIUM
Alinto SOGo < 5.9.1 - HTML Injection
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
by E1tex
CVSS 6.1
CVE-2023-1454 NOMISEC MEDIUM
jeecg-boot 3.5.0 - SQL Injection via apiSelectId Parameter
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
by shad0w0sec
4 stars
CVSS 6.3
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by MasterCode112
2 stars
CVSS 6.5
CVE-2023-48022 NOMISEC CRITICAL
Anyscale Ray 2.6.3 and 2.8.0 - Remote Code Execution via Job Submission API
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)
by 0x656565
2 stars
CVSS 9.8
CVE-2023-1177 NOMISEC CRITICAL
MLflow < 2.2.1 - Path Traversal via Backslash Sequence
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
by hh-hunter
CVSS 9.3
CVE-2023-36900 NOMISEC HIGH
Windows Common Log File System Driver - Privilege Escalation
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by RomanRybachek
4 stars
CVSS 7.8
CVE-2023-20573 NOMISEC LOW
AMD EPYC Firmware - Debug Exception Delivery Failure
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
by Freax13
6 stars
CVSS 3.2
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by K3ysTr0K3R
9 stars
CVSS 9.8
CVE-2023-51385 NOMISEC MEDIUM
OpenSSH < 9.6 - OS Command Injection via Shell Metacharacters in Username or Hostname
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
by Sonicrrrr
CVSS 6.5
CVE-2023-4357 NOMISEC HIGH
Google Chrome <116.0.5845.96 - Auth Bypass
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
by WinnieZy
CVSS 8.8
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by scabench
CVSS 10.0
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by hh-hunter
CVSS 10.0
CVE-2022-36553 NOMISEC CRITICAL
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
by 0xNslabs
6 stars
CVSS 9.8
CVE-2022-36267 NOMISEC CRITICAL
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
by 0xNslabs
10 stars
CVSS 9.8
CVE-2023-42793 NOMISEC CRITICAL
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by johnossawy
CVSS 9.8
CVE-2023-44487 NOMISEC HIGH
HTTP/2 - Denial of Service via Rapid Stream Reset
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
by bcdannyboy
241 stars
CVSS 7.5
CVE-2023-41474 NOMISEC MEDIUM
Ivanti Avalanche <6.3.4.153 - Path Traversal
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
by JBalanza
4 stars
CVSS 6.5
CVE-2023-28229 NOMISEC HIGH
Windows CNG Key Isolation Service - Privilege Escalation
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
by Y3A
137 stars
CVSS 7.0
CVE-2024-21633 NOMISEC HIGH
apktool < 2.9.2 - Path Traversal via Resource File Output Path Manipulation
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.
by 0x33c0unt
80 stars
CVSS 7.8
CVE-2023-28432 NOMISEC HIGH
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
by netuseradministrator
1 stars
CVSS 7.5
CVE-2023-46813 NOMISEC HIGH
Linux kernel <6.5.9 - Privilege Escalation
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
by Freax13
8 stars
CVSS 7.0
CVE-2020-17086 NOMISEC HIGH
Raw Image Extension < 1.0.32861.0 - Remote Code Execution
Raw Image Extension Remote Code Execution Vulnerability
by T81oub
CVSS 7.8