4149 matches found

Packet Storm
added 2023/11/25 12:00 a.m., 278 views

CE Phoenix 1.0.8.20 Cross Site Scripting

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2023/10/19 12:00 a.m., 55 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2023-390)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-390 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS, 7.1 AI score, 0.99999 EPSS
Exploits: 19, References: 4

Packet Storm
added 2023/10/12 12:00 a.m., 306 views

Lost And Found Information System 1.0 Insecure Direct Object Reference

Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...

7.1 AI score, 0.01264 EPSS
Exploits: 4

Packet Storm
added 2023/10/10 12:00 a.m., 350 views

Cacti 1.2.24 Command Injection

Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options Date: 2023-07-03 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/info/downloads Version: Cacti 1.2.24 Tested on: Cacti 1.2.24 installed on...

7.2 CVSS, 7.1 AI score, 0.82186 EPSS
Exploits: 6

Exploit DB
added 2023/10/09 12:00 a.m., 337 views

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Date: 2023-09-05 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...

7.4 AI score
Exploits: 0

Packet Storm
added 2023/08/22 12:00 a.m., 253 views

Dolibarr 17.0.1 Cross Site Scripting

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Dork: Date: 2023-08-09 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...

7.1 AI score
Exploits: 0

0day.today
added 2023/08/21 12:00 a.m., 157 views

Dolibarr Version 17.0.1 - Stored XSS Vulnerability

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...

7.1 AI score
Exploits: 0

Exploit DB
added 2023/08/21 12:00 a.m., 331 views

Dolibarr Version 17.0.1 - Stored XSS

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Dork: Date: 2023-08-09 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/07/06 12:00 a.m., 334 views

Lost and Found Information System v1.0 - SQL Injection

Exploit Title: Lost and Found Information System v1.0 - SQL Injection Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /php-lfis/admin/?page=systeminfo/contactinformation Tested on: Windows/Linux CVE : CVE-2023-33592 import requests URL of the...

9.8 CVSS, 9.7 AI score, 0.01928 EPSS
Exploits: 3

Exploit DB
added 2023/07/03 12:00 a.m., 188 views

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting XSS Date: 2023-06-23 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /print.php?nmmember= Vendor Homepage:...

6.1 CVSS, 6.3 AI score, 0.03359 EPSS
Exploits: 4

Packet Storm
added 2023/06/27 12:00 a.m., 286 views

Xenforo 2.2.13 Cross Site Scripting

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Date: 2023-06-24 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

7.1 AI score
Exploits: 0

Exploit DB
added 2023/06/26 12:00 a.m., 474 views

Xenforo Version 2.2.13 - Authenticated Stored XSS

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Date: 2023-06-24 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/06/26 12:00 a.m., 357 views

Windows 11 22h2 - Kernel Privilege Elevation

// Exploit Title: Windows 11 22h2 - Kernel Privilege Elevation // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : webapps // Vendor Homepage: // Tested on: Windows/Linux // CVE : CVE-2023-28293 include include // The vulnerable driver file name const ch...

7.8 CVSS, 8.8 AI score, 0.02866 EPSS
Exploits: 4

Packet Storm
added 2023/06/20 12:00 a.m., 329 views

WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism

Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Date: 2023-06-19 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...

8.1 CVSS, 7.1 AI score, 0.14211 EPSS
Exploits: 3

Exploit DB
added 2023/06/19 12:00 a.m., 367 views

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Date: 2023-06-19 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...

8.1 CVSS, 8.3 AI score, 0.14211 EPSS
Exploits: 3

0day.today
added 2023/06/12 12:00 a.m., 356 views

WordPress Workreap 2.2.2 Shell Upload Exploit

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author: Mohammad Hossei...

9.8 CVSS, 9.3 AI score, 0.60377 EPSS
Exploits: 9

Packet Storm
added 2023/06/12 12:00 a.m., 477 views

WordPress Workreap 2.2.2 Shell Upload

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

9.8 CVSS, 7.1 AI score, 0.60377 EPSS
Exploits: 9

Exploit DB
added 2023/06/09 12:00 a.m., 420 views

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

9.8 CVSS, 9.6 AI score, 0.60377 EPSS
Exploits: 9

Packet Storm
added 2023/05/15 12:00 a.m., 326 views

Online Clinic Management System 2.2 Cross Site Scripting

Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2...

7.1 AI score
Exploits: 0

Exploit DB
added 2023/05/13 12:00 a.m., 342 views

Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)

Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2...

7 AI score
Exploits: 0