Nomisec Exploits

21,927 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by irgoncalves
2 stars
CVSS 9.8
CVE-2019-20372 NOMISEC MEDIUM
F5 Nginx < 1.17.7 - HTTP Request Smuggling
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
by vuongnv3389-sec
CVSS 5.3
CVE-2022-23909 NOMISEC HIGH
Sherpa Connector Service <2020.2.20328.2050 - Privilege Escalation
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
by netsectuna
3 stars
CVSS 7.8
CVE-2021-41773 NOMISEC CRITICAL
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by vuongnv3389-sec
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by FourCoreLabs
44 stars
CVSS 9.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by mhanief
2 stars
CVSS 7.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by Kirill89
31 stars
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by LudovicPatho
2 stars
CVSS 9.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by LudovicPatho
9 stars
CVSS 7.8
CVE-2022-22963 NOMISEC CRITICAL
Vmware Spring Cloud Function < 3.1.6 - Remote Code Execution
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
by SealPaPaPa
1 stars
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by luoqianlin
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by 0xr1l3s
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by Snip3R69
1 stars
CVSS 9.8
CVE-2022-22947 NOMISEC CRITICAL
Spring Cloud Gateway Remote Code Execution
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
by aesm1p
1 stars
CVSS 10.0
CVE-2022-25636 NOMISEC HIGH
Linux Kernel < 5.4.182 - Improper Privilege Management
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
by veritas501
20 stars
CVSS 7.8
CVE-2022-0185 NOMISEC HIGH
Linux kernel - Privilege Escalation
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
by veritas501
17 stars
CVSS 8.4
CVE-2020-24186 NOMISEC CRITICAL
gVectors wpDiscuz <7.0.4 - RCE
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
by Sakura-501
3 stars
CVSS 10.0
CVE-2022-22639 NOMISEC HIGH
iOS <15.4 - Privilege Escalation
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.
by jhftss
122 stars
CVSS 7.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by netcode
3 stars
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by daniel0x00
1 stars
CVSS 9.8
CVE-2019-0162 NOMISEC LOW
Intel - - Information Disclosure
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
by saadislamm
2 stars
CVSS 3.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by twseptian
2 stars
CVSS 9.8
CVE-2019-9506 NOMISEC HIGH
Android - Bluetooth BR/EDR Encryption Key Length Downgrade via KNOB Attack
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
by francozappa
187 stars
CVSS 8.1
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by TheGejr
130 stars
CVSS 9.8
CVE-2016-1827 NOMISEC HIGH
Apple iOS <9.3.2 - Privilege Escalation
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
by superMan7912002
CVSS 7.8
By Source
All 21,927 Writeup 60,430 Exploitdb 50,009 Nomisec 21,927 Metasploit 3,232 Github 2,784 Vulncheck_xdb 908 Inthewild 514 Gitlab 443 Gitee 415 Patchapalooza 312
By Language
text 31,344 python 6,057 ruby 5,921 c 3,585 perl 2,849 html 2,054 php 1,327 bash 460 java 364 c++ 251 javascript 220 shell 98 go 64 postscript 25 xml 24