Nomisec Exploits

22,803 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-47615 NOMISEC CRITICAL
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - Local File Inclusion
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
by RandomRobbieBF
CVSS 9.3
CVE-2023-34634 NOMISEC HIGH
Greenshot < 1.2.10.6 - Remote Code Execution via Insecure .NET Deserialization
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
by radman404
2 stars
CVSS 7.8
CVE-2020-0796 NOMISEC CRITICAL
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by Opensitoo
CVSS 10.0
CVE-2023-20073 NOMISEC MEDIUM
Cisco RV340, RV340W, RV345, and RV345P Firmware < 1.0.03.29 - Unauthenticated Arbitrary File Upload
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
by RegularITCat
1 stars
CVSS 5.3
CVE-2023-32784 NOMISEC HIGH
KeePass 2.00-2.53 - Cleartext Master Password Exposure via Memory Dump
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
by vdohney
644 stars
CVSS 7.5
CVE-2023-24329 NOMISEC HIGH
Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
by H4R335HR
CVSS 7.5
CVE-2023-34853 NOMISEC HIGH
Supermicro X12DPG-QR 1.4b - Buffer Overflow via SmcSecurityEraseSetupVar
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.
by risuxx
CVSS 7.8
CVE-2023-2033 NOMISEC HIGH
Google Chrome < 112.0.5615.121 - Remote Code Execution via V8 Type Confusion
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by tianstcht
CVSS 8.8
CVE-2018-5873 NOMISEC HIGH
Linux kernel <4.11 - Use After Free
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.
by Trinadh465
CVSS 7.0
CVE-2022-39986 NOMISEC CRITICAL
raspap 2.8.0-2.8.7 - Unauthenticated Command Injection via cfg_id Parameter
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
by tucommenceapousser
CVSS 9.8
CVE-2023-2023 NOMISEC MEDIUM
Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting via URL Attribute
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
by thatformat
5 stars
CVSS 6.1
CVE-2023-36899 NOMISEC HIGH
.NET Framework - Elevation of Privilege via ASP.NET
ASP.NET Elevation of Privilege Vulnerability
by midisec
32 stars
CVSS 8.8
CVE-2022-24124 NOMISEC HIGH
Casdoor < 1.13.1 - SQL Injection via Query API Parameters
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
by b1gdog
2 stars
CVSS 7.5
CVE-2023-2640 NOMISEC HIGH
GameOver(lay) Privilege Escalation and Container Escape
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
by OllaPapito
13 stars
CVSS 7.8
CVE-2023-3460 NOMISEC CRITICAL
Ultimate Member <2.6.7 - Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
by DiMarcoSK
CVSS 9.8
CVE-2021-36955 NOMISEC HIGH
Windows Common Log File System Driver - Privilege Escalation
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by JiaJinRong12138
14 stars
CVSS 7.8
CVE-2023-33242 NOMISEC CRITICAL
lindell17 - Private Key Extraction via Abort Handling in Lindell17 TSS Protocol
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.
by d0rb
4 stars
CVSS 9.6
CVE-2023-2916 NOMISEC HIGH
InfiniteWP Client <= 1.11.1 - Authenticated Sensitive Information Exposure via admin_notice Function
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.
by d0rb
CVSS 7.5
CVE-2023-2033 NOMISEC HIGH
Google Chrome < 112.0.5615.121 - Remote Code Execution via V8 Type Confusion
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by mistymntncop
66 stars
CVSS 8.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by thomas-osgood
2 stars
CVSS 6.5
CVE-2023-40296 NOMISEC HIGH
async-sockets-cpp <= 0.3.1 - Stack-based Buffer Overflow in UDP Packet Processing
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.
by Halcy0nic
1 stars
CVSS 7.5
CVE-2023-40294 NOMISEC MEDIUM
0branch boron 2.0.8 - Heap-Based Buffer Overflow in ur_parseBlockI
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.
by Halcy0nic
2 stars
CVSS 6.5
CVE-2020-1472 NOMISEC MEDIUM
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by c3rrberu5
CVSS 5.5
CVE-2022-44312 NOMISEC MEDIUM
picoc 3.2.2 - Heap Buffer Overflow in ExpressionCoerceInteger
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.
by Halcy0nic
1 stars
CVSS 5.5
CVE-2023-27363 NOMISEC HIGH
Foxit PDF Reader < 12.1.1.15289 and PDF Editor < 10.1.11.37866 - Remote Code Execution via exportXFAData Method
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
by qwqdanchun
2 stars
CVSS 7.8