1655 matches found

OSV
added 2026/01/07 7:29 p.m., 2 views

GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports

Affected Versions: CoreShop 4.1.2 (Demo tested: Demo | CoreShop). Earlier versions may also be affected if the same code path exists. Summary: A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...

4.9 CVSS, 7.9 AI score, 0.00391 EPSS
Exploits: 1, References: 4
GithubExploit
added 2026/01/05 2:27 a.m., 161 views

heap-mastery-course

Heap Mastery Course Learn heap vulnerability exploitation t...

6.2 AI score
Exploits: 0
GithubExploit
added 2026/01/01 8:5 p.m., 169 views

Bug-Bounty-and-Learning-Space

Bug Bounty & Learning Space A markdown backup of my personal...

7.5 AI score
Exploits: 0
GithubExploit
added 2026/01/01 10:13 a.m., 215 views

portswigger-labs-writeups

portswigger-labs-writeups Complete writeups for P...

7.6 AI score
Exploits: 0
GithubExploit
added 2025/12/30 6:21 p.m., 370 views

Exploit for CVE-2025-52691

CVE-2025-52691 PoC: SmarterMail Arbitrary File Upload RCE APT...

10 CVSS, 8.8 AI score, 0.85457 EPSS
Exploits: 15
GithubExploit
added 2025/12/29 9:20 p.m., 155 views

SQL-Injection-IDPS

Payloads All The Things A list of useful payloads and bypass...

6.8 AI score
Exploits: 0
GithubExploit
added 2025/12/28 3:37 p.m., 161 views

binary-exploitation-learning

No d...

7 AI score
Exploits: 0
EUVD
added 2025/12/19 9:30 p.m., 5 views

EUVD-2025-204602

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8 CVSS, 6.5 AI score, 0.00559 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/12/16 8:44 p.m., 5 views

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.8 CVSS, 7.7 AI score, 0.00385 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51749

Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.6.1. Description: WBCE CMS version 1.6.1 contains a cross-site scripting issue that enables attackers to inject malicious HTML and CSS. This allows for the capture of user keystrokes. Attackers can upload a specially crafted...

7.1 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits: 1, References: 7
GoogleProjectZero
added 2025/12/16 12:0 a.m., 24 views

Welcome to the new Project Zero Blog

Posted by Natalie Silvanovich. While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...

5.9 AI score
Exploits: 0
NVD
added 2025/12/15 9:15 p.m., 8 views

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.8 CVSS, 0.00385 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 5 views

PT-2025-51295

Name of the Vulnerable Software and Affected Versions: Bus Reservation System version 1.1. Description: The Bus Reservation System version 1.1 contains a SQL injection issue in the pickup id parameter. This allows attackers to manipulate database queries using boolean-based, error-based, and...

9.8 CVSS, 7.3 AI score, 0.00385 EPSS
Exploits: 1, References: 8
HackRead
added 2025/12/12 5:54 p.m., 7 views

New PyStoreRAT Malware Targets OSINT Researchers Through GitHub

A new malware called PyStoreRAT is being distributed through fake OSINT tools on GitHub, targeting IT and OSINT pros. Read Morphisec's report detailing how it uses AI and evades security...

7 AI score
Exploits: 0
Packet Storm News
added 2025/12/12 12:0 a.m., 4 views

A Systematic Mapping Study on Risks and Vulnerabilities in Software Containers

Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature reveals a lack of reviewed, aggregated, and organized knowled...

7.3 AI score
Exploits: 0
CVE
added 2025/12/11 9:34 p.m., 13 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 (and below) is affected by a SQL injection in the /collections endpoint via the id parameter. Exploitation is described as boolean-based, time-based, and UNION-based injections that can potentially exfiltrate or manipulate database information. A PoC/exploit exists...

9.3 CVSS, 7.3 AI score, 0.0032 EPSS
Exploits: 2, References: 3
Positive Technologies
added 2025/12/11 12:0 a.m., 7 views

PT-2025-50744

Name of the Vulnerable Software and Affected Versions: Xhibiter NFT Marketplace version 1.10.2. Description: The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...

9.3 CVSS, 7.5 AI score, 0.0032 EPSS
Exploits: 2, References: 8
GithubExploit
added 2025/12/09 11:7 a.m., 162 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Advanced Scanner ...

10 CVSS, 8.4 AI score, 0.99562 EPSS
Exploits: 372
OSV
added 2025/12/09 8:1 a.m., 4 views

MAL-2025-192385 Malicious code in graphsync (PyPI)

Source: kam193 (dbb10327d6553750848c2b849abba1ed717438928a6cfdc148b73de73db8e9db). This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...

7.2 AI score
Exploits: 0, References: 2
Packet Storm
added 2025/12/08 12:0 a.m., 179 views

📄 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool

An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It affects ClipBucket version 5.5.2 Build 90...

6.5 CVSS, 7.6 AI score, 0.00998 EPSS
Exploits: 4