Nomisec Exploits

22,796 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-42222 NOMISEC HIGH
WebCatalog < 49.0 - Arbitrary Protocol Execution via shell.openExternal
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
by itssixtyn3in
3 stars
CVSS 8.8
CVE-2023-4762 NOMISEC HIGH
Google Chrome < 116.0.5845.179 - Remote Code Execution via V8 Type Confusion
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
by sherlocksecurity
CVSS 8.8
CVE-2023-38571 NOMISEC HIGH
macOS < 11.7.9 - Privacy Preferences Bypass via Symlink Validation
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.
by gergelykalman
13 stars
CVSS 7.5
CVE-2023-4762 NOMISEC HIGH
Google Chrome < 116.0.5845.179 - Remote Code Execution via V8 Type Confusion
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
by buptsb
25 stars
CVSS 8.8
CVE-2023-36845 NOMISEC CRITICAL
Juniper Junos OS Multiple Versions - Unauthenticated Remote Code Execution via PHPRC
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by toanln-cov
CVSS 9.8
CVE-2023-20209 NOMISEC MEDIUM
Cisco Expressway Series/VCS - Command Injection
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.
by peter5he1by
CVSS 6.5
CVE-2022-21894 NOMISEC MEDIUM
Windows 10, 11, 8.1, Server 2012, and Server - Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass Vulnerability
by Wack0
349 stars
CVSS 4.4
CVE-2022-21894 NOMISEC MEDIUM
Windows 10, 11, 8.1, Server 2012, and Server - Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass Vulnerability
by ASkyeye
15 stars
CVSS 4.4
CVE-2023-5024 NOMISEC LOW
Planno planning_biblio 23.04.04 - Cross-Site Scripting in Comment Handler
A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability.
by PH03N1XSP
CVSS 3.5
CVE-2023-34152 NOMISEC CRITICAL
ImageMagick - Remote Code Execution via OpenBlob Pipe Handling
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
by overgrowncarrot1
10 stars
CVSS 9.8
CVE-2023-29357 NOMISEC CRITICAL
Sharepoint Dynamic Proxy Generator Unauth RCE
Microsoft SharePoint Server Elevation of Privilege Vulnerability
by Chocapikk
235 stars
CVSS 9.8
CVE-2023-35793 NOMISEC HIGH
Cassia Access Controller 2.1.1.2303271039 - Cross-Site Request Forgery in Web SSH Session
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.
by Dodge-MPTC
6 stars
CVSS 8.8
CVE-2023-43326 NOMISEC MEDIUM
mooSocial 3.1.8 - Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
by ahrixia
CVSS 6.1
CVE-2023-43323 NOMISEC MEDIUM
mooSocial 3.1.8 - Server-Side Request Forgery via Post Function Parameters
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].
by ahrixia
1 stars
CVSS 6.5
CVE-2023-32364 NOMISEC HIGH
macOS Ventura <13.5 - Privilege Escalation
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.
by gergelykalman
22 stars
CVSS 8.6
CVE-2023-21272 NOMISEC HIGH
Android - Local Privilege Escalation via URI Permission Grant
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
by Trinadh465
CVSS 7.8
CVE-2022-1040 NOMISEC CRITICAL
Sophos Firewall < 18.5.3 - Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
by Cyb3rEnthusiast
1 stars
CVSS 9.8
CVE-2022-21894 NOMISEC MEDIUM
Windows 10, 11, 8.1, Server 2012, and Server - Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass Vulnerability
by nova-master
3 stars
CVSS 4.4
CVE-2020-0601 NOMISEC HIGH
Windows 10 and Windows Server - Certificate Spoofing via ECC Certificate Validation
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
by tyj956413282
CVSS 8.1
CVE-2023-4863 NOMISEC HIGH
Google Chrome <116.0.5845.187 - Buffer Overflow
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
by talbeerysec
3 stars
CVSS 8.8
CVE-2023-44763 NOMISEC MEDIUM
Concrete CMS 9.2.1 - Arbitrary File Upload and Cross-Site Scripting via Thumbnail File Upload
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration.
by sromanhu
CVSS 5.4
CVE-2023-44764 NOMISEC MEDIUM
Concrete CMS < 9.2.3 - Stored Cross-Site Scripting via Name Parameter during Installation
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
by sromanhu
CVSS 5.4
CVE-2023-44766 NOMISEC MEDIUM
Concrete CMS 9.2.1 - Stored Cross-Site Scripting in SEO Extra Field
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature.
by sromanhu
CVSS 4.8
CVE-2023-44762 NOMISEC MEDIUM
Concrete CMS 9.2.0-9.2.2 - Cross-Site Scripting via Tags Settings
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
by sromanhu
CVSS 5.4
CVE-2023-44761 NOMISEC MEDIUM
Concrete CMS 8.5.13 and below, 9.0.0-9.2.1 - Stored Cross-Site Scripting via Forms Data Objects
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
by sromanhu
CVSS 5.4