Lucene search
K

403 matches found

Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.234 views

OpenPanel 0.3.4 - OS Command Injection

Exploit Title: OpenPanel 0.3.4 - OS Command Injection Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST /server/timezon...

9.8CVSS7.1AI score0.04108EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.244 views

OpenPanel 0.3.4 - Directory Traversal

Exploit Title: OpenPanel 0.3.4 - Directory Traversal Date: Dec 05, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53537 Compress Function POS...

9.1CVSS7.1AI score0.02279EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.338 views

Pimcore customer-data-framework 4.2.0 - SQL injection

Exploit Title: Pimcore customer-data-framework 4.2.0 - SQL injection Date: 01/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore versions prior to 10.5.21 Tested on: Ubuntu 20.04 with Pimcore 10.5.20 CVE:...

7.2CVSS7AI score0.00824EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.408 views

📄 phpIPAM 1.6 Cross Site Scripting

phpIPAM version 1.6 suffers from a cross site scripting vulnerability. Exploit Title: phpIPAM 1.6 Reflected XSS via closeClass Parameter in popup.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam...

6.1CVSS5.9AI score0.03904EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.228 views

MiniCMS 1.1 - Cross Site Scripting (XSS)

Exploit Title: MiniCMS 1.1 - Cross Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link: https://github.com/bg5sbk/MiniCMS Version: 1.10 Tested on: Ubuntu Windows CVE : CVE-2018-1000638 PoC: GET...

6.1CVSS6.4AI score0.02191EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/04/10 12:0 a.m.328 views

📄 Typecho 1.3.0 Cross Site Scripting

Typecho versions 1.3.0 and below suffer from a persistent cross site scripting vulnerability. // Exploit Title: Typecho = 1.3.0 Stored Cross-Site Scripting XSS // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura //...

9CVSS6.2AI score0.02671EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.383 views

Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting XSS Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested...

9CVSS9.2AI score0.02671EPSS
Exploits4
GithubExploit
GithubExploit
added 2025/04/08 3:37 p.m.433 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 Proof of Concept for CVE-2025-31161 / CVE-2025-...

9.8CVSS7.2AI score0.99947EPSS
Exploits22
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.203 views

📄 Bus Pass Management System 1.0 SQL Injection

Bus Pass Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Bus Pass Management System v1.0 - Unauthenticated Union Based SQLi Manuel Exploit Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

8.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/07 12:0 a.m.163 views

📄 YesWiki 4.5.1 Path Traversal

YesWiki version 4.5.1 suffers from an unauthenticated path traversal vulnerability. Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link:...

8.6CVSS9.1AI score0.05366EPSS
Exploits6
Circl
Circl
added 2025/04/01 1:32 p.m.5 views

RHSA-2025:3467

creationtimestamp| type| source ---|---|--- 2025-04-01 13:32:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9892...

4.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-14621 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to a remote code execution vulnerability. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents...

7.9AI score
Exploits0References2
Exploit DB
Exploit DB
added 2025/03/28 12:0 a.m.292 views

CodeCanyon RISE CRM 3.7.0 - SQL Injection

Exploit Title: CodeCanyon RISE CRM 3.7.0 - SQL Injection Google Dork: N/A Date: September 19, 2024 Exploit Author: Jobyer Ahmed Author Homepage: https://bytium.com Vulnerable Version: 3.7 Patched Version: 3.7.1 Tested on: Ubuntu 24.04, Debian Testing CVE: CVE-2024-8945 Instruction 1. Login to...

8.8CVSS7.2AI score0.14545EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/03/28 12:0 a.m.228 views

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Exploit Title: Progress Telerik Report Server 2024 Q1 10.0.24.305 - Authentication Bypass Fofa Dork: title="Telerik Report Server" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4358 Vendor Homepage: https://www.telerik.com/report-server Software...

9.8CVSS9.7AI score0.97482EPSS
Exploits14
HackRead
HackRead
added 2025/03/26 4:40 p.m.25 views

Next.js Middleware Flaw Lets Attackers Bypass Authorization

Researchers have uncovered a critical vulnerability CVE-2025-29927 in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes...

9.1CVSS7.3AI score0.99301EPSS
Exploits58
The Hacker News
The Hacker News
added 2025/03/26 11:10 a.m.43 views

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783 , has been described as a case of "incorrect handl...

8.3CVSS7.7AI score0.08404EPSS
Exploits6
GithubExploit
GithubExploit
added 2025/03/24 9:27 a.m.208 views

Exploit for CVE-2025-29927

CVE-2025-29927 Next.Js permission bypass vulnerability CVE-...

9.1CVSS7AI score0.99301EPSS
Exploits58
Packet Storm
Packet Storm
added 2025/03/21 12:0 a.m.416 views

Edunext Systems + School Management Software 1.0 SQL Injection

Edunext Systems + School Management Software version 1.0 suffers from multiple remote SQL injection vulnerabilities. Exploit Title: Edunext Systems + School Management Software Multiple SQL injection Google Dork: inurl:/page.php?PAGE= , inurl:/image-gallery-detail.php?galid= , intext:Powered by...

8.6AI score
Exploits0
Exploit DB
Exploit DB
added 2025/03/20 12:0 a.m.271 views

FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)

Exploit Title: FluxBB 1.5.11 Stored xss Date: 3/8/2025 Exploit Author: Chokri Hammedi Vendor Homepage: www.fluxbb.org Software Link: https://www.softaculous.com/apps/forums/FluxBB Version: FluxBB 1.5.11 Tested on: Windows XP 1. login to admin panel 2. go to /adminforums.php 3. click on "add forum...

7.4AI score
Exploits0
Debian CVE
Debian CVE
added 2025/03/19 6:59 p.m.23 views

CVE-2025-2476

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS8.6AI score0.00791EPSS
Exploits0
Rows per page
Query Builder