Nomisec Exploits

22,800 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-27566 NOMISEC HIGH
Live2D Cubism Editor 4.2.03 - Out-of-bounds Write via MOC3 File Section Offset Table
Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.
by OpenL2D
95 stars
CVSS 7.8
CVE-2016-4622 NOMISEC HIGH
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
by saelo
109 stars
CVSS 8.8
CVE-2015-9235 NOMISEC CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
by Nxvh1337
3 stars
CVSS 9.8
CVE-2015-9235 NOMISEC CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
by WinDyAlphA
3 stars
CVSS 9.8
CVE-2023-43339 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Database Configuration Parameters
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
by sromanhu
CVSS 6.1
CVE-2022-32947 NOMISEC HIGH
iPadOS < 16.0 - Out-of-bounds Write
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
by hoshinolina
186 stars
CVSS 7.8
CVE-2023-2640 NOMISEC HIGH
GameOver(lay) Privilege Escalation and Container Escape
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
by luanoliveira350
17 stars
CVSS 7.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by pashayogi
1 stars
CVSS 7.8
CVE-2022-4061 NOMISEC HIGH
JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
by im-hanzou
6 stars
CVSS 7.5
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by ngothienan
CVSS 7.8
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by an040702
CVSS 7.8
CVE-2023-27372 NOMISEC CRITICAL
SPIP < 4.2.1 - Remote Code Execution via Form Value Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
by Chocapikk
6 stars
CVSS 9.8
CVE-2022-4060 NOMISEC CRITICAL
User Post Gallery WP <2.19 - Code Injection
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.
by im-hanzou
8 stars
CVSS 9.8
CVE-2019-20372 NOMISEC MEDIUM
NGINX < 1.17.7 - HTTP Request Smuggling via error_page Configuration
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
by 0xleft
5 stars
CVSS 5.3
CVE-2019-13288 NOMISEC MEDIUM
Glyphandcog Xpdfreader - Denial of Service
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
by gleaming0
CVSS 5.5
CVE-2014-6287 NOMISEC CRITICAL
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by 10cks
CVSS 9.8
CVE-2022-4063 NOMISEC CRITICAL
InPost Gallery <2.1.4.1 - Code Injection
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
by im-hanzou
2 stars
CVSS 9.8
CVE-2023-1698 NOMISEC CRITICAL
WAGO Compact Controller 100 Firmware 20-22 - Unauthenticated OS Command Injection
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
by Chocapikk
4 stars
CVSS 9.8
CVE-2021-44832 NOMISEC MEDIUM
Apache Log4j 2.0-beta7-2.17.0 - Remote Code Execution via JDBC Appender JNDI LDAP Data Source
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
by name
1 stars
CVSS 6.6
CVE-2019-14234 NOMISEC CRITICAL
Django <1.11.23,2.1.11,2.2.4 - SQL Injection
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
by malvika-thakur
2 stars
CVSS 9.8
CVE-2023-26607 NOMISEC HIGH
Linux kernel <6.0.8 - Info Disclosure
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
by Trinadh465
CVSS 7.1
CVE-2023-2986 NOMISEC CRITICAL
Abandoned Cart Lite for WooCommerce <= 5.14.2 - Unauthenticated Authentication Bypass via Insufficient Encryption
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.
by Ayantaker
6 stars
CVSS 9.8
CVE-2022-40684 NOMISEC CRITICAL
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
by Anthony1500
CVSS 9.8
CVE-2022-3564 NOMISEC MEDIUM
Linux Kernel 3.6-4.9.332 - Use-After-Free in Bluetooth L2CAP SDU Reassembly
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
by Trinadh465
CVSS 5.5
CVE-2023-42362 NOMISEC MEDIUM
Teller 4.4.0 - Arbitrary File Upload and Remote Code Execution
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.
by Mr-n0b3dy
CVSS 5.4