CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

274362 matches found

Packet Storm•added 2026/03/10 12:0 a.m.•92 views

📄 Voyager 1.8.0 Arbitrary File Upload

Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...

5.8AI score

Exploits0

Packet Storm•added 2026/03/10 12:0 a.m.•189 views

📄 ASUS Router Multi-Stage Command Injection

A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...

9.8CVSS6.3AI score0.01031EPSS

Exploits2

Packet Storm•added 2026/03/10 12:0 a.m.•107 views

📄 GLib Memory Exhaustion

The gbase64decode function in the GLib library fails to enforce input size limits, allowing attackers to input extremely large Base64-encrypted data, resulting in uncontrolled memory allocation. This vulnerability can be exploited by providing a specially crafted, but syntactically correct, Base6...

5.4CVSS5.8AI score0.00325EPSS

Exploits1

Packet Storm•added 2026/03/10 12:0 a.m.•89 views

📄 Vvveb CMS 1.0.5 Insecure Direct Object Reference

A one liner of details for how to leverage the insecure direct object reference vulnerability in Vvveb CMS version 1.0.5. The research later discovered this also affects version 1.0.7.3...

7.2CVSS5.8AI score0.01347EPSS

Exploits6

Packet Storm•added 2026/03/10 12:0 a.m.•101 views

📄 Universal‑Ctags V Language 6.2.1 Parser Uncontrolled Recursion

A denial of service issue has been discovered in Universal‑Ctags versions 6.2.1 and below affecting the V language parser component. ============================================================================================================================================= | Title :...

5.7AI score

Exploits0

Packet Storm•added 2026/03/10 12:0 a.m.•230 views

📄 Vite 6.2.2 Arbitrary File Read

Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...

7.5CVSS6.6AI score0.78572EPSS

Exploits28

Packet Storm•added 2026/03/10 12:0 a.m.•120 views

📄 Router Fingerprint / Command Injection Scanner

This Metasploit module targets multiple IoT routers by automatically fingerprinting the device vendor and attempting to exploit command injection vulnerabilities. The module sends an HTTP request to identify the router manufacturer by analyzing response headers and page content. Once the vendor i...

5.8AI score

Exploits0

Packet Storm•added 2026/03/10 12:0 a.m.•138 views

📄 WBCE CMS 1.6.5 LFI / Config Disclosure / Cross Site Scripting

The WBCE CMS frontend loader includes template files without sanitization. This allows local file inclusion, reading configuration files, and persistent cross site scripting via crafted templates. Version 1.6.5 is affected...

5.3AI score

Exploits0

GithubExploit•added 2026/03/09 10:43 p.m.•250 views

Exploit for Use After Free in Redis

🚨 CVE-2025-49844 — “RediShell” Critical Remote Code Execu...

9.9CVSS7.8AI score0.86268EPSS

Exploits14

GithubExploit•added 2026/03/09 10:12 p.m.•107 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Answer

No d...

9.1CVSS5.8AI score0.0248EPSS

Exploits1

GithubExploit•added 2026/03/09 9:7 p.m.•132 views

Exploit for Improper Privilege Management in Microsoft

CVE-2026-21533 Scanner: Windows RDP Local Privilege Escalation...

7.8CVSS5.8AI score0.03846EPSS

Exploits5

GithubExploit•added 2026/03/09 7:18 p.m.•240 views

Exploit for Deserialization of Untrusted Data in Google Android

🔥 ZygoteExploitDemo - CVE-2024-31317 Android Security Lab...

7.8CVSS6AI score0.00779EPSS

Exploits12

GithubExploit•added 2026/03/09 7:11 p.m.•98 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Flexense Vx_Search

No d...

9.8CVSS5.8AI score0.07104EPSS

Exploits5

Metasploit•added 2026/03/09 6:57 p.m.•288 views

SPIP Saisies Plugin Unauthenticated RCE

This module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin CVE-2025-71243. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requir...

9.8CVSS6.2AI score0.05126EPSS

Exploits5

Metasploit•added 2026/03/09 6:57 p.m.•161 views

Linux RC4 Encrypted Payload Generator

This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/x64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...

5.8AI score

Exploits0

Metasploit•added 2026/03/09 6:57 p.m.•293 views

LeakIX Search

This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...

5.8AI score

Exploits0

GithubExploit•added 2026/03/09 6:31 p.m.•118 views

web-vulnerability-scanner

Web Vulnerability Scanner This project is a simple Python too...

5.8AI score

Exploits0

GithubExploit•added 2026/03/09 4:37 p.m.•118 views

challenge-yourself-level-1

Attack Path Lab !GitHubhttps://img.shields.io/badge/GitHu...

6.1AI score

Exploits0