Nomisec Exploits

22,778 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-41623 NOMISEC HIGH
emlog pro2.1.14 - SQL Injection via uid Parameter
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
by GhostBalladw
CVSS 7.2
CVE-2016-5195 NOMISEC HIGH
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by ZhiQiAnSecFork
CVSS 7.0
CVE-2023-49070 NOMISEC CRITICAL
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
by abdoghazy2015
59 stars
CVSS 9.8
CVE-2023-22524 NOMISEC CRITICAL
Atlassian Companion 1.0.0-<2.0.0 - Remote Code Execution via WebSocket Bypass
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
by ron-imperva
25 stars
CVSS 9.8
CVE-2021-29447 NOMISEC HIGH
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
by b-abderrahmane
1 stars
CVSS 7.1
CVE-2017-8046 NOMISEC CRITICAL
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
by Soontao
2 stars
CVSS 9.8
CVE-2020-1337 NOMISEC HIGH
Windows Print Spooler - Privilege Escalation via Arbitrary File Write
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
by math1as
152 stars
CVSS 7.8
CVE-2017-1000486 NOMISEC CRITICAL
Primefaces Remote Code Execution Exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
by LongWayHomie
CVSS 9.8
CVE-2023-30547 NOMISEC CRITICAL
Vm2 < 3.9.16 - Injection
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
by rvizx
47 stars
CVSS 9.8
CVE-2023-30547 NOMISEC CRITICAL
Vm2 < 3.9.16 - Injection
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
by rvzsec
46 stars
CVSS 9.8
CVE-2023-32629 NOMISEC HIGH
Ubuntu Linux - Local Privilege Escalation via OverlayFS Permission Check Bypass
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
by xS9NTX
1 stars
CVSS 7.8
CVE-2017-16995 NOMISEC HIGH
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
by mareks1007
CVSS 7.8
CVE-2023-4636 NOMISEC MEDIUM
WordPress File Sharing Plugin <2.0.3 - XSS
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
by Ap0dexMe0
CVSS 4.4
CVE-2023-4636 NOMISEC MEDIUM
WordPress File Sharing Plugin <2.0.3 - XSS
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
by ThatNotEasy
CVSS 4.4
CVE-2023-5561 NOMISEC MEDIUM
WordPress 4.7-4.7.26 - Unauthenticated Email Address Disclosure via REST API Oracle Attack
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack
by pog007
4 stars
CVSS 5.3
CVE-2023-31546 NOMISEC CRITICAL
DedeBIZ 6.0.3 - Cross-Site Scripting via Search Feature
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.
by ran9ege
1 stars
CVSS 9.6
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by 0utl4nder
1 stars
CVSS 9.8
CVE-2023-38146 NOMISEC HIGH
Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
by Durge5
2 stars
CVSS 8.8
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by 0x4r2
CVSS 9.8
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by zerbaliy3v
CVSS 7.8
CVE-2021-40438 NOMISEC CRITICAL
Apache HTTP Server <2.4.48 - SSRF
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
by sergiovks
9 stars
CVSS 9.0
CVE-2023-36664 NOMISEC HIGH
Artifex Ghostscript <10.01.2 - Privilege Escalation
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
by jeanchpt
CVSS 7.8
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by C1ph3rX13
1 stars
CVSS 9.8
CVE-2022-0337 NOMISEC MEDIUM
Google Chrome <97.0.4692.71 - Info Disclosure
Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)
by zer0ne1
CVSS 6.5
CVE-2023-44487 NOMISEC HIGH
HTTP/2 - Denial of Service via Rapid Stream Reset
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
by sigridou
CVSS 7.5