Nomisec Exploits

22,806 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-3904 NOMISEC MEDIUM
MonsterInsights < 8.9.1 - Unauthenticated Stored Cross-Site Scripting via Page Title Spoofing
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
by RandomRobbieBF
3 stars
CVSS 6.1
CVE-2023-35803 NOMISEC CRITICAL
Extreme Networks IQ Engine < 10.6r2 - Buffer Overflow in acsd Service
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
by lachlan2k
23 stars
CVSS 9.8
CVE-2023-35744 NOMISEC HIGH
D-Link DAP-2622 Firmware < 1.10b03r022 - Unauthenticated Stack-based Buffer Overflow in DDP Configuration Restore
D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20071.
by ADSSA-IT
CVSS 8.8
CVE-2023-28121 NOMISEC CRITICAL
WooCommerce Payments < 4.8.2 and WooPayments < 5.6.2 - Unauthenticated Privilege Escalation via Request Forgery
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
by rio128128
1 stars
CVSS 9.8
CVE-2023-27372 NOMISEC CRITICAL
SPIP < 4.2.1 - Remote Code Execution via Form Value Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
by izzz0
2 stars
CVSS 9.8
CVE-2022-22057 NOMISEC HIGH
Qualcomm APQ8053 Firmware - Use-After-Free via Graphics Fence Race Condition
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
by diabl0w
10 stars
CVSS 8.4
CVE-2023-3338 NOMISEC MEDIUM
Linux Kernel < 6.5 - Denial of Service via DECnet Null Pointer Dereference
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
by TurtleARM
36 stars
CVSS 6.5
CVE-2022-4510 NOMISEC HIGH
binwalk 2.1.2b-2.3.3 - Path Traversal and Remote Code Execution via Malicious PFS Filesystem
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.
by Kalagious
1 stars
CVSS 7.8
CVE-2023-27997 NOMISEC CRITICAL
FortiOS/FortiProxy SSL-VPN Heap-based Buffer Overflow
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
by TechinsightsPro
2 stars
CVSS 9.8
CVE-2022-30136 NOMISEC CRITICAL
Windows Network File System - Remote Code Execution
Windows Network File System Remote Code Execution Vulnerability
by fortra
14 stars
CVSS 9.8
CVE-2022-37969 NOMISEC HIGH
Windows Common Log File System Driver - Elevation of Privilege via Out-of-bounds Write
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by fortra
136 stars
CVSS 7.8
CVE-2019-19194 NOMISEC HIGH
Telink Semiconductor BLE SDK <November 2019 - RCE
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.
by louisabricot
CVSS 8.8
CVE-2023-3460 NOMISEC CRITICAL
Ultimate Member <2.6.7 - Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
by EmadYaY
CVSS 9.8
CVE-2022-45354 NOMISEC MEDIUM
WPChill Download Monitor < 4.7.60 - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.
by RandomRobbieBF
CVSS 5.3
CVE-2023-32315 NOMISEC HIGH
Openfire authentication bypass with RCE plugin
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
by izzz0
5 stars
CVSS 8.6
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by joeymeech
1 stars
CVSS 7.8
CVE-2023-2255 NOMISEC MEDIUM
LibreOffice 7.4.0-7.4.6 and 7.5.0-7.5.2 - Unauthenticated External Resource Loading via Floating Frame Links
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
by elweth-sec
63 stars
CVSS 5.3
CVE-2023-37596 NOMISEC HIGH
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via Delete User Function
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
by sahiloj
1 stars
CVSS 8.1
CVE-2023-37597 NOMISEC HIGH
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via User Grouplist Deletion
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
by sahiloj
1 stars
CVSS 8.1
CVE-2023-37598 NOMISEC MEDIUM
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via Delete Virtual Fax Function
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.
by sahiloj
1 stars
CVSS 4.5
CVE-2023-28252 NOMISEC HIGH
Windows Common Log File System Driver - Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by fortra
180 stars
CVSS 7.8
CVE-2023-37599 NOMISEC HIGH
Issabel PBX 4.0.0-6 - Sensitive Information Exposure via Modules Directory
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
by sahiloj
2 stars
CVSS 7.5
CVE-2021-3490 NOMISEC HIGH
Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
by chompie1337
312 stars
CVSS 7.8
CVE-2023-21768 NOMISEC HIGH
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by chompie1337
506 stars
CVSS 7.8
CVE-2023-35843 NOMISEC HIGH
NocoDB < 0.106.1 - Unauthenticated Path Traversal via /download Route
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
by b3nguang
CVSS 7.5