CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

This advisory describes a local privilege escalation vulnerability affecting the Qualcomm CVP kernel driver msmcvp, exposed through the /dev/cvp device node on Android systems using Qualcomm SoCs. The vulnerability originates from an improperly obfuscated kernel pointer returned to user space as ...

5.5CVSS5.7AI score0.00069EPSS

Exploits2

Packet Storm•added 2026/02/17 12:0 a.m.•165 views

📄 SmarterMail 9518 Cross Site Scripting

SmarterMail versions 9518 and below have an issue where user input passed through the MailboxId GET parameter to the MAPI endpoints is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflective cross site scripting attacks which, in...

7.2CVSS5.3AI score0.00295EPSS

Exploits1

Packet Storm•added 2026/02/17 12:0 a.m.•116 views

📄 PaperCut MF/NG 25.0.5 Authentication Bypass / Remote Code Execution

A critical security vulnerability was discovered in version 25.0.5 of PaperCut MF/NG that allows attackers to bypass authentication and execute remote commands on the target system without requiring any credentials...

5.8AI score

Exploits0

Packet Storm•added 2026/02/17 12:0 a.m.•141 views

📄 Pymatgen 2024.1 CIF Parser Reverse Shell

Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File CIF parser that allows attackers to execute arbitrary Python code through specially crafted CIF files, leading to complete system compromise. The vulnerability exists in the CI...

9.3CVSS9.5AI score0.03816EPSS

Exploits8

Packet Storm•added 2026/02/17 12:0 a.m.•260 views

📄 n8n Workflow Automation Remote Configuration / Admin Data Extraction

This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...

10CVSS9AI score0.71647EPSS

Exploits18

Packet Storm•added 2026/02/17 12:0 a.m.•279 views

📄 BeyondTrust Remote Support / Privileged Remote Access Remote Code Execution

A critical pre‑authentication remote code execution vulnerability identified as CVE-2026-1731 affects products from BeyondTrust, specifically Remote Support and Privileged Remote Access. The vulnerability allows an unauthenticated attacker to execute arbitrary commands on a vulnerable system by...

9.9CVSS7AI score0.86091EPSS

Exploits11

Packet Storm•added 2026/02/17 12:0 a.m.•236 views

📄 Pterodactyl Panel Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Pterodactyl Panel versions before 1.11.11. The vulnerability allows an attacker to write a malicious PHP file via the locale functionality and then execute it to gain a reverse shell...

10CVSS6.5AI score0.13105EPSS

Exploits28

Packet Storm•added 2026/02/17 12:0 a.m.•130 views

📄 Python 3 Minidom Denial of Service

This proof of concept demonstrates an algorithmic denial of service condition caused by parsing an XML document containing an extremely large number of attributes using Python's xml.dom.minidom library. Due to inefficient attribute handling with quadratic time complexity, the XML parser may consu...

6.2AI score

Exploits0

Packet Storm•added 2026/02/17 12:0 a.m.•157 views

📄 Extensis Portfolio Manager 4.0.1 Shell Upload

This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...

8.8CVSS6.4AI score0.01608EPSS

Exploits2

Packet Storm•added 2026/02/17 12:0 a.m.•148 views

📄 MongoDB BSON Decompression OP_COMPRESSED Memory Disclosure

This Metasploit module demonstrates an educational memory leak in MongoDB BSON decompression. It sends malformed BSON in OPCOMPRESSED messages to trigger memory disclosure. Quite a huge list of versions are affected...

8.7CVSS8AI score0.83007EPSS

Exploits39

GithubExploit•added 2026/02/16 10:39 p.m.•184 views

Exploit for Injection in Apache Solr

Apache-Solr-RCE-CVE-2019-17558 🛡️ Apache Solr Remote Code E...

7.5CVSS5.8AI score0.98567EPSS

Exploits12

GithubExploit•added 2026/02/16 10:31 p.m.•147 views

KOREX

⚡ KOREX FRAMEWORK ⚡ Advanced Security Operations Framework "Kore...

5.5AI score

Exploits0

GithubExploit•added 2026/02/16 8:57 p.m.•258 views

Exploit for CVE-2026-1844

PixelYourSite PRO - Unauthenticated Stored Cross-Site Scriptin...

7.2CVSS5.8AI score0.00283EPSS

Exploits1

GithubExploit•added 2026/02/16 8:29 p.m.•302 views

Exploit for CVE-2017-0144

🛡️ TryHackMe CTF – EternalBlue MS17-010 !CTF Badgehttps:...

9.3CVSS5.7AI score0.9923EPSS

Exploits55

Metasploit•added 2026/02/16 6:59 p.m.•293 views

ChurchCRM Unauthenticated RCE via Setup Page

ChurchCRM use exploit/multi/http/churchcrminstallunauthrce msf exploitchurchcrminstallunauthrce show targets ...targets... msf exploitchurchcrminstallunauthrce set TARGET msf exploitchurchcrminstallunauthrce show options ...show and set options... msf exploitchurchcrminstallunauthrce exploit This...

10CVSS6.4AI score0.04151EPSS

Exploits3

Metasploit•added 2026/02/16 6:59 p.m.•445 views

n8n arbitrary file read

This module exploits CVE-2026-21858, a critical unauthenticated remote code execution vulnerability in n8n workflow automation platform versions 1.65.0 through 1.120.x. The vulnerability, dubbed "Ni8mare", is a content-type confusion flaw in webhook request handling that allows attackers to achie...

10CVSS8.1AI score0.71647EPSS

Exploits18

GithubExploit•added 2026/02/16 5:5 p.m.•211 views

Exploit for CVE-2025-4138

CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...

7.5CVSS5.6AI score0.01109EPSS

Exploits7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by