Nomisec Exploits

22,806 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by zerosorai
2 stars
CVSS 7.5
CVE-2022-1026 NOMISEC HIGH
Kyocera Net Viewer < 2s0_1000.005.0012s5_2000.002.505 - Unprotected User Data Exposure via Address Book Export
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
by flamebarke
2 stars
CVSS 8.6
CVE-2017-6074 NOMISEC HIGH
Linux Kernel < 3.2.86 - Double Free in DCCP Packet Processing
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
by toanthang1842002
CVSS 7.8
CVE-2023-23397 NOMISEC CRITICAL
Microsoft Outlook - Privilege Escalation
Microsoft Outlook Elevation of Privilege Vulnerability
by Muhammad-Ali007
22 stars
CVSS 9.8
CVE-2023-30383 NOMISEC HIGH
TP-LINK Archer C2/C20/C50 Firmware - Buffer Overflow leading to Denial of Service
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.
by a2ure123
CVSS 7.5
CVE-2023-28121 NOMISEC CRITICAL
WooCommerce Payments < 4.8.2 and WooPayments < 5.6.2 - Unauthenticated Privilege Escalation via Request Forgery
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
by im-hanzou
11 stars
CVSS 9.8
CVE-2022-44268 NOMISEC MEDIUM
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
by Pog-Frog
CVSS 6.5
CVE-2023-25157 NOMISEC CRITICAL
GeoServer < 2.18.7 and 2.18.7-2.21.4 - SQL Injection via OGC Filter and CQL Expressions
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
by win3zz
170 stars
CVSS 9.8
CVE-2023-31851 NOMISEC MEDIUM
Cudy LT400 1.13.4 - Cross-Site Scripting via iface Parameter
Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.
by CalfCrusher
CVSS 6.1
CVE-2023-31852 NOMISEC MEDIUM
Cudy LT400 1.13.4 - Cross-Site Scripting via iface Parameter
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter.
by CalfCrusher
CVSS 6.1
CVE-2023-31853 NOMISEC MEDIUM
Cudy LT400 1.13.4 - Cross-Site Scripting via Bandwidth Icon Parameter
Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.
by CalfCrusher
CVSS 6.1
CVE-2023-33592 NOMISEC CRITICAL
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
by ChineseOldboy
1 stars
CVSS 9.8
CVE-2019-5418 NOMISEC HIGH
Ruby On Rails File Content Disclosure (
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
by ztgrace
CVSS 7.5
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by deepinstinct
1 stars
CVSS 7.5
CVE-2002-0748 NOMISEC
LabVIEW Web Server 5.1.1-6.1 - Denial of Service via Malformed HTTP GET Request
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
by fauzanwijaya
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by asepsaepdin
6 stars
CVSS 7.8
CVE-2021-1732 NOMISEC HIGH
Windows 10 1803-20H2 and Windows Server 1909-20H2 - Elevation of Privilege via Win32k ConsoleControl Offset Confusion
Windows Win32k Elevation of Privilege Vulnerability
by asepsaepdin
1 stars
CVSS 7.8
CVE-2019-13292 NOMISEC CRITICAL
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by alealeluyah
2 stars
CVSS 9.8
CVE-2019-13292 NOMISEC CRITICAL
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by alebrestado
2 stars
CVSS 9.8
CVE-2019-13292 NOMISEC CRITICAL
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by 808ale
2 stars
CVSS 9.8
CVE-2023-31704 NOMISEC CRITICAL
Sourcecodester Online Computer and Laptop Store 1.0 - Incorrect Authorization
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
by d34dun1c02n
CVSS 9.8
CVE-2023-31705 NOMISEC MEDIUM
Sourcecodester Task Reminder System 1.0 - XSS
A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.
by d34dun1c02n
CVSS 5.4
CVE-2023-3460 NOMISEC CRITICAL
Ultimate Member <2.6.7 - Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
by diego-tella
7 stars
CVSS 9.8
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by SudeepaShiranthaka
CVSS 9.8
CVE-2023-24489 NOMISEC CRITICAL
Citrix ShareFile Storage Zones Controller - Unauthenticated Remote Compromise
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
by adhikara13
13 stars
CVSS 9.8