Nomisec Exploits

22,793 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-45657 NOMISEC HIGH
POSIMYTH Nexter <= 2.0.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.
by RandomRobbieBF
CVSS 8.5
CVE-2023-28432 NOMISEC HIGH
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
by yTxZx
3 stars
CVSS 7.5
CVE-2023-20963 NOMISEC HIGH
Android - Local Privilege Escalation via WorkSource Parcel Mismatch
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
by Trinadh465
CVSS 7.8
CVE-2018-7843 NOMISEC HIGH
Modicon M580, M340, Quantum, and Premium Firmware - Denial of Service via Invalid Modbus Memory Block Read
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
by yanissec
CVSS 7.5
CVE-2022-26134 NOMISEC CRITICAL
Confluence - Remote Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
by yTxZx
CVSS 9.8
CVE-2023-23752 NOMISEC MEDIUM
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by yTxZx
CVSS 5.3
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by youcannotseemeagain
20 stars
CVSS 9.8
CVE-2023-26976 NOMISEC HIGH
Tenda AC6 <15.03.05.09 - Buffer Overflow
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
by FzBacon
1 stars
CVSS 7.5
CVE-2023-36076 NOMISEC CRITICAL
smanga < 3.1.9 - SQL Injection via mediaId, mangaId, and userId Parameters
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.
by deIndra
CVSS 9.8
CVE-2023-1698 NOMISEC CRITICAL
WAGO Compact Controller 100 Firmware 20-22 - Unauthenticated OS Command Injection
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
by deIndra
CVSS 9.8
CVE-2023-34537 NOMISEC MEDIUM
HotelDruid 3.0.5 - Reflected Cross-Site Scripting
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
by leekenghwa
CVSS 5.4
CVE-2023-46003 NOMISEC MEDIUM
i-doit < 25 - Stored Cross-Site Scripting via index.php
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.
by leekenghwa
CVSS 5.4
CVE-2023-45992 NOMISEC CRITICAL
RUCKUS Cloudpath <5.12.5538 - XSS/CSRF
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
by harry935
CVSS 9.6
CVE-2023-45857 NOMISEC MEDIUM
Axios 1.5.1 - Sensitive Information Exposure via X-XSRF-TOKEN Header
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
by valentin-panov
CVSS 6.5
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by reket99
CVSS 10.0
CVE-2021-41277 NOMISEC CRITICAL
Metabase - Path Traversal and Local File Inclusion via Custom GeoJSON Map URL
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
by RubXkuB
1 stars
CVSS 10.0
CVE-2021-39165 NOMISEC HIGH
Cachet <= 2.3.18 - Unauthenticated SQL Injection via SearchableTrait
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.
by manbolq
CVSS 8.1
CVE-2021-25741 NOMISEC HIGH
Kubernetes < 1.19.14 - Unauthenticated Files or Directories Accessible via Subpath Volume Mounts
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
by cdxiaodong
CVSS 8.8
CVE-2023-33517 NOMISEC HIGH
carRental 1.0 - Arbitrary File Read via Incorrect Access Control
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).
by wushigudan
CVSS 7.5
CVE-2021-21974 NOMISEC HIGH
VMware ESXi Remote Code Execution via OpenSLP Heap Overflow
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
by hateme021202
CVSS 8.8
CVE-2023-45966 NOMISEC HIGH
remark42 < 1.12.1 - Server-Side Request Forgery via Newsletter Import URL Parameter
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
by jet-pentest
CVSS 7.5
CVE-2023-41993 NOMISEC HIGH
iPadOS < 17.0.1 - Remote Code Execution via Web Content Processing
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
by hrtowii
16 stars
CVSS 8.8
CVE-2021-44168 NOMISEC LOW
FortiOS < 6.0.14 - Authenticated Arbitrary File Write via Restore Command
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
by 0xhaggis
21 stars
CVSS 3.3
CVE-2023-4169 NOMISEC MEDIUM
Ruijie RG-EW1200G 1.0(1)B1P5 - Improper Access Control in Administrator Password Handler
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by thedarknessdied
27 stars
CVSS 6.3
CVE-2023-5540 NOMISEC MEDIUM
moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Authenticated Remote Code Execution in IMSCP Activity
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
by cli-ish
CVSS 4.7