Lucene search
K

274567 matches found

Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.174 views

📄 LINQPad 5.48.00 Insecure Deserialization

LINQPad versions up to 5.48.00 contain an insecure deserialization vulnerability in the paid version of the software that allows attackers to achieve persistent remote code execution by manipulating cache files containing serialized .NET objects. The vulnerability exists in the AutoRefCache...

8.6AI score0.00488EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.164 views

📄 HP ProCurve SNAC Domain Controller Shell Upload

This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.175 views

📄 Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.237 views

📄 MagnusBilling 6 Server-Side Request Forgery / Path Traversal

Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. ============================================================================================================================================= | Title :...

9.8CVSS9.6AI score0.9425EPSS
Exploits15
Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.235 views

📄 Litespeed Cache 6.4.0.1 Privilege Escalation

WordPress Litespeed Cache plugin version 6.4.0.1 allows attackers to brute-force authentication hashes and create administrative users without any initial credentials...

9.8CVSS7.3AI score0.67925EPSS
Exploits8
GithubExploit
GithubExploit
added 2025/12/23 9:54 a.m.147 views

Exploit for Code Injection in Laravel Livewire

Livepyre A tool designed to exploit CVE-2025-54068 an...

9.8CVSS5.8AI score0.95376EPSS
Exploits5
GithubExploit
GithubExploit
added 2025/12/23 7:41 a.m.119 views

cve

...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.148 views

📄 HP ProCurve 4.00 Credential Disclosure

Proof of concept code that performs a credential dumping attack against vulnerable HP ProCurve SNAC systems. ============================================================================================================================================= | Title : HP ProCurve 4.00 Credential Dumping...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.161 views

📄 GALAYOU G2 IP Camera Authentication Bypass

A critical authentication bypass vulnerability exists in the RTSP service of the GALAYOU G2 IP camera. The device exposes multiple RTSP stream endpoints that can be accessed without valid credentials, even when authentication is enabled...

7.1CVSS7AI score0.00636EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.187 views

📄 PKP-WAL 3.5.0-1 baseColour LESS Code Injection

PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 baseColour LESS Code Injection Vulnerability -----------------------------------------------------------------...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.144 views

📄 Institute Admission Software 2.5 SQL Injection

Institute Admission Software version 2.5 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 SQL INjection...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.410 views

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...

9.9CVSS7.8AI score0.05995EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.155 views

📄 PKP-WAL 3.5.0-1 Cross Site Request Forgery

PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 Login Cross-Site Request Forgery Vulnerability ----------------------------------------------------------------- - Softwar...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.199 views

📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection

PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.248 views

📄 Open Journal Systems 3.5.0-1 Path Traversal

Open Journal Systems versions 3.5.0-1 and below suffer from a path traversal vulnerability in NativeXmlIssueGalleyFilter.php. --------------------------------------------------------------------------------------------- Open Journal Systems issuegalleys - issuegalley - issuefile - filename tag of...

7AI score
Exploits1
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.149 views

📄 Backdoor.Win32.Poison.jh MVID-2025-0704 Insecure Permissions

Backdoor.Win32.Poison.jh malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full F permissions to the Everyone user group. This allows any local user to modify or replace any dropped files, enabling trivial malware disruption or execution hijacking. This reflects poor...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.180 views

📄 Backdoor.Win32.Netbus.170 MVID-2025-0703 Insecure Credential Storage

Backdoor.Win32.Netbus.170 malware listens on TCP ports 12632 and 12631. The backdoor server password "ecoli" is stored in cleartext in an .INI textfile, stored under "C:\Windows" having the same name as the malware. Third party attackers who have knowledge of the password can login and issue...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.153 views

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.227 views

📄 PKP-WAL 3.5.0-1 SQL Injection

PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. ---------------------------------------------------------------------- PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.1197 views

📄 Apache mod_ssl TLS 1.3 Client Certificate Authentication Bypass

Apache modssl TLS 1.3 client certificate authentication bypass proof of concept exploit. ============================================================================================================================================= | Title : Apache modssl TLS 1.3 Client Certificate Authentication...

9.1CVSS8.2AI score0.0097EPSS
Exploits1
Rows per page
Query Builder