Nomisec Exploits

22,804 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by entr0pie
30 stars
CVSS 6.5
CVE-2022-0165 NOMISEC MEDIUM
WordPress KingComposer <2.9.6 - Open Redirect
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
by K3ysTr0K3R
CVSS 6.1
CVE-2021-34621 NOMISEC CRITICAL
ProfilePress 3.0.0-3.1.3 - Unauthenticated Privilege Escalation via Registration
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
by RandomRobbieBF
CVSS 9.8
CVE-2021-22873 NOMISEC MEDIUM
Revive Adserver <5.1.0 - Open Redirect
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
by K3ysTr0K3R
1 stars
CVSS 6.1
CVE-2015-2166 NOMISEC
Ericsson Drutt Mobile Service Delivery Platform 4,5,6 Path Traversal via Dot Dot Encoded Slash
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
by K3ysTr0K3R
1 stars
CVE-2021-25032 NOMISEC CRITICAL
PublishPress Capabilities <2.3.1 - CSRF
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.
by RandomRobbieBF
CVSS 9.8
CVE-2021-4191 NOMISEC MEDIUM
GitLab GraphQL API User Enumeration
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.
by K3ysTr0K3R
8 stars
CVSS 5.3
CVE-2022-0952 NOMISEC HIGH
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Option Update via REST Endpoint
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
by RandomRobbieBF
4 stars
CVSS 8.8
CVE-2023-30533 NOMISEC HIGH
SheetJS Community Edition < 0.19.3 - Prototype Pollution via Crafted File
SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.
by BenEdridge
12 stars
CVSS 7.8
CVE-2022-28171 NOMISEC HIGH
Hikvision Hybrid SAN/Cluster Storage Firmware < 2.3.8-6 - OS Command Injection
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
by NyaMeeEain
4 stars
CVSS 7.5
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by Any3ite
CVSS 9.8
CVE-2022-26965 NOMISEC HIGH
Pluck 4.7.16 - Authenticated Remote Code Execution via Theme Upload
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
by SkDevilS
CVSS 7.2
CVE-2023-26067 NOMISEC HIGH
Lexmark <2023-02-19 - Info Disclosure
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
by horizon3ai
28 stars
CVSS 8.1
CVE-2023-23638 NOMISEC MEDIUM
Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
by YYHYlh
231 stars
CVSS 5.0
CVE-2022-1015 NOMISEC MEDIUM
Linux Kernel < 5.16.18 - Out-of-bounds Write in netfilter nf_tables_api
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
by more-kohii
1 stars
CVSS 6.6
CVE-2019-9053 NOMISEC HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by kahluri
CVSS 8.1
CVE-2023-39115 NOMISEC CRITICAL
Campcodes Online Matrimonial Website System Script <3.3 - XSS
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
by 0xrajdip
CVSS 9.8
CVE-2023-39115 NOMISEC CRITICAL
Campcodes Online Matrimonial Website System Script <3.3 - XSS
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
by Raj789-sec
CVSS 9.8
CVE-2023-39144 NOMISEC HIGH
Element55 KnowMore <21 - Info Disclosure
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.
by cduram
CVSS 7.5
CVE-2017-12149 NOMISEC CRITICAL
Jboss Application Server - Code Injection
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
by MrE-Fog
CVSS 9.8
CVE-2022-20009 NOMISEC MEDIUM
Android - Local Privilege Escalation
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel
by szymonh
3 stars
CVSS 6.8
CVE-2019-11358 NOMISEC MEDIUM
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
by isacaya
1 stars
CVSS 6.1
CVE-2023-2868 NOMISEC CRITICAL
Barracuda Email Security Gateway <9.2.0.006 - Command Injection
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.
by cashapp323232
CVSS 9.4
CVE-2018-6789 NOMISEC CRITICAL
Exim < 4.90.1 - Remote Code Execution via base64d Buffer Overflow
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
by thistehneisen
2 stars
CVSS 9.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by HusenjanDev
2 stars
CVSS 6.5