274317 matches found
url-detection
No d...
poc-studio-public
Nuclei Offline GUI This is a pure offline desktop prototype,...
Exploit for CVE-2026-29000
CVE-2026-29000 — pac4j-jwt JWE Authentication Bypass Lab...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 Hoverfly CVE RCE Usage bash python3 CVE...
ha-ps4-jb
🎮 PS4 JB Web Server — Home Assistant Add-on A Home Assistant...
Exploit for CVE-2026-7299
CVE-2026-7299 - Appsmith 1.98 Stored XSS SQL Autocomplete inn...
📄 FreeScout 1.8.206 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in FreeScout versions less than or equal to 1.8.206 (CVE-2026-28289). The sanitizeUploadedFileName function checks for dot-prefixed filenames before stripping Unicode format characters (ZWSP, U+200B), allowing...
📄 NLTK 3.9.2 Arbitrary File Read / Path Traversal
NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 — NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal. Overview: CVE ID: CVE-2026-0847; Package: nltk Natural...
📄 lollms-webui Server-Side Request Forgery
A critical server-side request forgery vulnerability has been identified in lollms-webui, the web interface for Lord of Large Language and Multi modal Systems. The @router.post("/api/proxy") endpoint allows unauthenticated attackers to force the server into making arbitrary GET requests. This can b...
📄 Microsoft Windows RRAS Integer Overflow
This Metasploit module simulates a remote exploitation attempt against a hypothetical integer overflow vulnerability in Windows RRAS, which could lead to a heap-based overflow and potential remote code execution...
📄 NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution
nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including path_to_jar, path_to_model, path_to_dict, and java_class, and passe...
📄 Langflow 1.8.1 Remote Code Execution
This Python script is a multi-threaded tool targeting a suspected vulnerability in Langflow versions 1.8.1 and below that allows unauthenticated remote code execution through unsafe execution of CustomComponent code during flow compilation...
📄 Google Keras 3.13.0 Denial of Service
A denial of service vulnerability exists in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 on all platforms. The vulnerability is caused by the absence of any validation or throttling when processing HDF5 dataset shape metadata declared inside a .keras archive...
📄 Wagtail CMS 6.4.1 Cross Site Scripting
Wagtail CMS version 6.4.1 is vulnerable to a persistent cross site scripting vulnerability in the document upload functionality. An attacker can embed a malicious payload inside a PDF file. When the uploaded document is accessed via the CMS interface, the payload may execute in the context of the...
📄 WordPress Datalogics Ecommerce Delivery Privilege Escalation
WordPress Datalogics Ecommerce Delivery plugin versions prior to 2.6.60 suffer from a privilege escalation vulnerability.
📄 Grav CMS 1.7.49.5 Remote Code Execution
Grav CMS versions 1.7.49.5 and below with Admin Plugin versions 1.10.49.3 and below are vulnerable to an authenticated remote code execution vulnerability via the "Direct Install" feature in the administrative interface. An authenticated administrator can upload a crafted plugin archive containin...
📄 Langflow 1.8.1 Remote Code Execution
This Metasploit auxiliary module scans Langflow instances for CVE-2026-33017, an unauthenticated remote code execution vulnerability affecting versions 1.8.1 and below.
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 - Hoverfly Command Injection RCE PoC CVE-2...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2026-20698 — XNU Kernel Heap Overflow via PFROUTE RTAGEN...
binary-exploitation-writeups
Binary Exploitation Writeups A collection of pwn challenges c...