Lucene search
K

274602 matches found

GithubExploit
GithubExploit
•added 2025/12/16 1:3 a.m.•155 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js CVE-2025-55182 Proof of Concept This is a proof-of-co...

10CVSS8.2AI score0.99562EPSS
Exploits372
GithubExploit
GithubExploit
•added 2025/12/16 12:20 a.m.•141 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071 This is a python PoC...

6.5CVSS6.6AI score0.25068EPSS
Exploits21
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•145 views

šŸ“„ HTMLDOC 1.9.13 Stack Buffer Overflow

Proof of concept exploit written in PHP for HTMLDOC version 1.9.13 that generates a malicious BMP file that will trigger a stack buffer overflow vulnerability...

7.8CVSS8AI score0.07349EPSS
Exploits4
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•151 views

šŸ“„ Craft CMS 5.0 Twig Template Injection Scanner

This is a mass scanning script for the Craft CMS version 5.0 Twig template injection vulnerability. ============================================================================================================================================= | Title : Craft CMS 5.0 Twig Template Injection – Mass...

9.8CVSS7.4AI score0.97446EPSS
Exploits9
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•230 views

šŸ“„ Gnuboard 5.6.23 SQL Injection / Code Execution

Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution. ============================================================================================================================================= | Title : Gnuboard v5.6.23...

9.8CVSS9.1AI score0.05377EPSS
Exploits4
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•251 views

šŸ“„ WIX.com Cross Site Scripting

WIX.com appears to suffer from a cross site scripting vulnerability. The researcher contacted them months ago and they have ignored his report, so we are posting this to encourage them to address it and to let their users know that they could be affected by this vulnerability. Titles: WIX.com /...

6.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•189 views

šŸ“„ HighCMS 12.x SQL Injection

HighCMS version 12.x remote SQL injection proof of concept exploit written in Python. ============================================================================================================================================= | Title : HighCMS v12.x SQL Injection Exploit | | Author : indoushka ...

8.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•424 views

šŸ“„ Bitrix24 25.100.300 Remote Code Execution

Bitrix24 versions 25.100.300 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. This...

7.7AI score0.01028EPSS
Exploits3
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•149 views

šŸ“„ Hestia Control Panel 1.9.3 Code Execution

Hestia Control Panel version 1.9.3 code injection proof of concept exploit written in PHP that leverages cronjobs. ============================================================================================================================================= | Title : Hestia Control Panel 1.9.3 PHP...

7.7AI score
Exploits0
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•367 views

šŸ“„ HTTP/2 Rapid Reset DoS Tester

This is an HTTP/2 Rapid Reset denial of service testing tool. It provides a comprehensive method for testing CVE-2023-44487 with cross-system compatibility, improved user interface, and detailed reporting capabilities...

7.5CVSS7.4AI score0.99999EPSS
Exploits19
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•307 views

šŸ“„ Grav CMS 1.7.49.5 Sandbox Bypass

This code is a standalone PHP proof of concept exploit targeting Grav CMS version 1.7.49.5 that demonstrates an authenticated remote code execution vulnerability caused by a Twig server-side template injection combined with a sandbox bypass...

9.6CVSS8.5AI score0.0264EPSS
Exploits5
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•150 views

šŸ“„ WordPress Omnipress 1.6.3 Cross Site Scripting

WordPress Omnipress plugin versions 1.6.3 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin Keywords: CVE-2025-XXXXX, Omnipress WordPress vulnerability, stored XSS, WordPress security, authenticated XSS...

6.4CVSS6.4AI score0.00298EPSS
Exploits2
Exploit DB
Exploit DB
•added 2025/12/16 12:0 a.m.•171 views

esm-dev 136 - Path Traversal

Exploit Title: esm-dev 136 - Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/esm-dev/esm.sh Software Link: https://github.com/esm-dev/esm.sh CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...

6.9CVSS7AI score0.02829EPSS
Exploits2
Exploit DB
Exploit DB
•added 2025/12/16 12:0 a.m.•173 views

Summar Employee Portal 3.98.0 - Authenticated SQL Injection

Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.summar.es/ Software Link: https://www.summar.es/software-recursos-humano...

8.7CVSS7AI score0.00588EPSS
Exploits3
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•676 views

šŸ“„ 1C-Bitrix 25.100.500 Remote Code Execution

1C-Bitrix versions 25.100.500 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. Thi...

7.7AI score0.01549EPSS
Exploits4
Packet Storm
Packet Storm
•added 2025/12/16 12:0 a.m.•198 views

šŸ“„ Control Web Panel 0.9.8.1208 Command Injection

Control Web Panel versions 0.9.8.1208 and below suffer from an issue where user input passed via the key GET parameter to /admin/index.php when the api parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject...

7.8AI score0.01186EPSS
Exploits3
GithubExploit
GithubExploit
•added 2025/12/15 9:45 p.m.•160 views

Exploit for CVE-2025-12163

CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordP...

6.4CVSS4.5AI score0.00298EPSS
Exploits2
GithubExploit
GithubExploit
•added 2025/12/15 9:1 p.m.•144 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 — Local RSC Security Demo āš ļø W...

10CVSS7.7AI score0.99562EPSS
Exploits372
GithubExploit
GithubExploit
•added 2025/12/15 8:53 p.m.•151 views

XSS-FINDER

usage python xssscanner.py ╔═════════════════════════════════...

6.5AI score
Exploits0
GithubExploit
GithubExploit
•added 2025/12/15 8:18 p.m.•147 views

Exploit for CVE-2025-65318

PoC for CVE-2025-65318 and CVE-2025-65319 - CVE-2025-65318...

9.3CVSS7.3AI score0.99945EPSS
Exploits35
Rows per page
Query Builder