Nomisec Exploits

21,860 exploits tracked across all sources.

CVE-2020-0069 NOMISEC HIGH
Mediatek Command Queue driver - Privilege Escalation
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147882143. References: M-ALPS04356754
by 0xf15h
12 stars
CVSS 7.8
CVE-2023-4278 NOMISEC HIGH
MasterStudy LMS <3.0.18 - Info Disclosure
The MasterStudy LMS WordPress plugin before 3.0.18 does not have proper checks in place during registration, allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
by revan-ar
CVSS 7.5
CVE-2023-4698 NOMISEC HIGH
Memos < 0.13.2 - Improper Input Validation
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
by mnqazi
CVSS 7.5
CVE-2023-36143 NOMISEC HIGH
Maxprint Maxlink 1200G v3.4.11E - Command Injection
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.
by RobinTrigon
CVSS 8.8
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by syedhafiz1234
1 star
CVSS 9.8
CVE-2023-35001 NOMISEC HIGH
Linux Kernel < 4.14.322 - Out-of-Bounds Write
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
by syedhafiz1234
7 stars
CVSS 7.8
CVE-2022-41082 NOMISEC HIGH
Microsoft Exchange Server - RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by SUPRAAA-1337
2 stars
CVSS 8.0
CVE-2022-24086 NOMISEC CRITICAL
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - RCE
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
by BurpRoot
CVSS 9.8
CVE-2022-21907 NOMISEC CRITICAL
HTTP Protocol Stack - RCE
HTTP Protocol Stack Remote Code Execution Vulnerability
by asepsaepdin
CVSS 9.8
CVE-2010-1240 NOMISEC
Adobe PDF Embedded EXE Social Engineering
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
by asepsaepdin
1 star
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by Fa1c0n35
CVSS 7.8
CVE-2023-31346 NOMISEC MEDIUM
SEV Firmware - Info Disclosure
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
by Freax13
1 star
CVSS 6.0
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by asepsaepdin
CVSS 7.8
CVE-2022-46689 NOMISEC HIGH
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
by tdquang266
1 star
CVSS 7.0
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by Cyb3rEnthusiast
3 stars
CVSS 9.8
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by Toothless5143
2 stars
CVSS 7.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by victorhorowitz
CVSS 7.5
CVE-2021-34523 NOMISEC CRITICAL
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
by SUPRAAA-1337
2 stars
CVSS 9.0
CVE-2017-0199 NOMISEC HIGH
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
by TheCyberWatchers
CVSS 7.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by sohamsharma966
CVSS 9.8
CVE-2019-16098 NOMISEC HIGH
Micro-Star MSI Afterburner 4.6.2.15658 - Privilege Escalation
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
by 0xDivyanshu-new
6 stars
CVSS 7.8
CVE-2023-38829 NOMISEC HIGH
NETIS SYSTEMS WF2409E <3.6.42541 - RCE
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
by adhikara13
1 star
CVSS 8.8
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by CharonDefalt
CVSS 9.8
CVE-2023-40869 NOMISEC MEDIUM
mooSocial <3.1.7 - XSS
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.
by MinoTauro2020
1 star
CVSS 6.1
CVE-2023-40868 NOMISEC HIGH
MooSocial Software Demo - CSRF
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.
by MinoTauro2020
1 star
CVSS 8.8