386517 matches found

GithubExploit
added 3 hours ago, 16 views

Exploit for CVE-2026-57517

Control Web Panel 0.9.8.1224 — Blind SQL Injection to Remot...

9.8 CVSS, 6.9 AI score, 0.00587 EPSS
Exploits: 2

OSSF Malicious Packages
added 4 hours ago, 7 views

Malicious code in vps-maintenance-paperclip-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

6.1 AI score
Exploits: 0, References: 1

OSV
added 4 hours ago, 4 views

MAL-2026-6757 Malicious code in vps-maintenance-paperclip-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

6.1 AI score
Exploits: 0, References: 1

GithubExploit
added 5 hours ago, 8 views

Exploit-Chain-Suggester

Exploit Chain Suggester v2.0.0 A CLI tool for penetration tes...

6.2 AI score
Exploits: 0

GithubExploit
added 5 hours ago, 17 views

Exploit-Chain-Suggestor

Exploit Chain Suggestor A CLI tool for penetration testers an...

6 AI score
Exploits: 0

The Hacker News
added 5 hours ago, 7 views

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos,...

5.7 AI score
Exploits: 0

GithubExploit
added 6 hours ago, 16 views

Exploit for CVE-2026-54415

CVE-2026-54415 — Azuriom CMS Broken Access Control → Account T...

8.6 CVSS, 6 AI score, 0.00348 EPSS
Exploits: 1

GithubExploit
added 11 hours ago, 21 views

Exploit for Improper Input Validation in Apache Activemq

Apache ActiveMQ Classic — RCE Research Private research archi...

8.8 CVSS, 7 AI score, 0.96666 EPSS
Exploits: 14

GithubExploit
added 13 hours ago, 29 views

Exploit for CVE-2026-34038

CVE-2026-34038: Authenticated Remote Command Injection in Cool...

6.1 AI score
Exploits: 0

Nuclei
added 14 hours ago, 35 views

Pandora FMS 7.0NG - Remote Command Injection

Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...

9 CVSS, 7.4 AI score, 0.50615 EPSS
Exploits: 5, References: 5

Nuclei
added 14 hours ago, 57 views

SysAid Help Desk <15.2 - Local File Inclusion

SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName paramet...

8.5 CVSS, 6.1 AI score, 0.86643 EPSS
Exploits: 9, References: 5

Nuclei
added 14 hours ago, 59 views

Appium Desktop Server - Remote Code Execution

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. id: CVE-2023-2479 info: name: Appium Desktop Server - Remote Code Execution author: zn9988 severity: critical description: | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...

9.8 CVSS, 7.2 AI score, 0.22014 EPSS
Exploits: 2, References: 5

Nuclei
added 14 hours ago, 9 views

RClone RC - Command Injection

Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...

9.8 CVSS, 6.1 AI score, 0.09199 EPSS
Exploits: 2, References: 2

Nuclei
added 14 hours ago, 73 views

Razer Sila Gaming Router - Remote Code Execution

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...

9.8 CVSS, 7.5 AI score, 0.77136 EPSS
Exploits: 1, References: 2

Nuclei
added 14 hours ago, 14 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the 'email' and 'trackingid' parameters in all versions up to 2.8.2 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8 CVSS, 7.2 AI score, 0.02041 EPSS
Exploits: 0, References: 2

Nuclei
added 14 hours ago, 23 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...

6.1 CVSS, 6.5 AI score, 0.02073 EPSS
Exploits: 1, References: 2

Nuclei
added 14 hours ago, 29 views

TurboMeeting - Post-Authentication Command Injection

The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...

7.2 CVSS, 6.2 AI score, 0.03216 EPSS
Exploits: 1, References: 2

Nuclei
added 14 hours ago, 27 views

Chaosblade < 1.7.4 - Remote Code Execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...

8.6 CVSS, 6.1 AI score, 0.01669 EPSS
Exploits: 0, References: 4

Nuclei
added 14 hours ago, 97 views

Honeywell PM43 Printers - Command Injection

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006) id:...

9.9 CVSS, 7.2 AI score, 0.33094 EPSS
Exploits: 3, References: 5

Nuclei
added 14 hours ago, 31 views

PMB v7.4.6 - Cross-Site Scripting

PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...

6.1 CVSS, 6.4 AI score, 0.01169 EPSS
Exploits: 1, References: 3