Lucene search
K

1939 matches found

Nuclei
Nuclei
added yesterday16 views

WordPress Kali Forms <= 2.4.9 - Remote Code Execution

Kali Forms WordPress plugin = 2.4.9 contains a remote code execution caused by unsafe user input handling in 'formprocess' and 'preparepostdata' functions, letting unauthenticated attackers execute code on the server, exploit requires no authentication. id: CVE-2026-3584 info: name: WordPress Kal...

9.8CVSS6.7AI score0.07239EPSS
Exploits2References2
NVD
NVD
added 2026/07/01 5:16 a.m.10 views

CVE-2026-9107

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00241EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.36 views

CVE-2026-9107 Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00241EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40891

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.15 views

CVE-2026-9107

The CVE-2026-9107 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin. A Stored Cross-Site Scripting vulnerability exists via the meta[kaliforms_field_components] parameter in all versions up to 2.4.13, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References10
NVD
NVD
added 2026/06/30 7:16 a.m.10 views

CVE-2026-11581

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.8 views

EUVD-2026-40261

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.11 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/06/19 7:3 p.m.221 views

Joplin Plugin Persistence

This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is launched, providing persistent code execution. Joplin can not be running at the time of plugin installation, or it will be overwriten at shutdown. The...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/14 6:53 a.m.91 views

wannacry-soc-lab

WannaCry SOC Investigation Lab Overview This project simu...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 1:11 p.m.80 views

Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 1:11 p.m.75 views

-Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

5.8AI score
Exploits0
Metasploit
Metasploit
added 2026/06/11 7:0 p.m.222 views

VS Code Extension Persistence

This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested against 1.120....

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/06 11:31 p.m.162 views

Metasploit2-pentest

Metasploitable2 Penetration Test Lab Author: Lillian Jone...

10CVSS5.4AI score0.96184EPSS
Exploits50
GithubExploit
GithubExploit
added 2026/06/05 9:48 a.m.83 views

Kali-setup

🛠️ kali-setup A single bash script that pulls in the 20 most-...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/03 1:18 p.m.121 views

Exploit for Improper Access Control in Proftpd

OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-W...

10CVSS6.2AI score0.96803EPSS
Exploits21
GithubExploit
GithubExploit
added 2026/06/03 12:2 p.m.118 views

Wazuh-Deployment-Vulnerability-Monitoring-PoC

🛡️ Wazuh Deployment & Vulnerability Monitoring PoC Overvie...

7.5CVSS5.8AI score0.00501EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/02 10:49 p.m.82 views

System-Exploitation-Compromising

💀 System Exploitation & Compromising CAP 6135 – Cyber Lab...

7.5CVSS6.6AI score0.83534EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/06/01 3:21 a.m.96 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

on kali linux - terminal 1...

9.8CVSS6AI score0.38374EPSS
Exploits32
GithubExploit
GithubExploit
added 2026/05/30 10:50 a.m.109 views

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

6.5AI score
Exploits0
Rows per page
Query Builder