Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 21 hours ago12 views

📄 Zscaler Client Connector macOS Fail-Open SIGSTOP Bypass

Zscaler Client Connector for macOS can be bypassed by a standard local user during the Restart Services / Repair App workflow by suspending user-owned Zscaler processes with SIGSTOP. The reported impact is fail-open loss of ZIA/ZPA enforcement, DLP, telemetry, and tunnel routing while the console...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 21 hours ago11 views

📄 Whistlelink Site-Access Password Exposed

The Whistlelink reporting portal protects optionally-enabled, password-gated whistleblowing sites with a site-access password. When a visitor unlocks such a site, the client validates the password by issuing an HTTP GET request that carries the password as a URL query-string parameter which is...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 21 hours ago11 views

📄 Horde Groupware IMP Webmail Path Traversal / Local File Inclusion

Horde Groupware's IMP Webmail solution contains a path traversal / local file inclusion vulnerability which could be exploited to escalate privileges or bypass authentication. This is patched in version 7.0.1. this is my first time sending to a mailing list so ive chosen something easy. here goes...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 21 hours ago11 views

📄 ImageMagick 7.x MIFF Decoder Denial of Service

This code generates a malicious MIFF image file designed to exploit a flaw in ImageMagick’s BZip decompression handling. The issue is triggered by a zero-length compressed block, which can cause ImageMagick to enter an infinite loop and consume 100% CPU...

7.5CVSS7.1AI score0.01849EPSS
Exploits4
Packet Storm
Packet Storm
added 21 hours ago15 views

📄 Cacti 1.2.30 Remote Code Execution

This Metasploit module is an authenticated remote code execution exploit for Cacti versions 1.2.30 and below. ================================================================================================================================== | Title : Cacti ≤ 1.2.30 Authenticated RCE via Host...

7.7AI score
Exploits2
Packet Storm
Packet Storm
added 21 hours ago15 views

📄 Samsung Galaxy Zero-Click HFP/A2DP Takeover

Samsung Galaxy buds have an issue where an attacker within Bluetooth range can force a transition of the active audio session to an attacker-controlled device without requiring user interaction. Samsung believes it is a non-issue. MESSAGE HASH SHA-256:...

6AI score
Exploits0
Packet Storm
Packet Storm
added 21 hours ago13 views

📄 Zig 0.16.0 Denial of Service / Integer Overflow

Zig version 0.16.0 suffers from an integer overflow vulnerability that results in a denial of service condition. Agent Spooky’s Fun Parade hereby reports, with the solemnity of a raccoon presenting a subpoena, an integer-overflow panic in Zig’s std.http chunked request-body reader. In Zig 0.16.0...

6AI score
Exploits0
Packet Storm
Packet Storm
added 21 hours ago14 views

📄 Cockpit CMS 2.13.5 Cross Site Scripting / Account Takeover

Cockpit CMS versions 2.13.5 and below suffer from persistent cross site scripting and cross site request forgery vulnerabilities. CVE-2026-39275 - Stored XSS Leading to Account Takeover in Cockpit CMS Note: Responsibly disclosed to and patched by the Cockpit CMS maintainers prior to publication. ...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 21 hours ago12 views

📄 ImageMagick 7.x MIFF BZip Decoder Infinite Loop Denial of Service

A vulnerability in ImageMagick's MIFF decoder coders/miff.c allows an attacker to cause an infinite loop and CPU exhaustion by providing a specially crafted MIFF file with a compressed block length of zero when BZip compression is enabled...

7.5CVSS6AI score0.01849EPSS
Exploits4
Packet Storm
Packet Storm
added 21 hours ago14 views

📄 Cacti 1.2.30 Remote Code Execution

Cacti versions 1.2.30 and below authenticated remote code execution exploit that uses variable injection via graph rendering. Written in Python. ================================================================================================================================== | Title : Cacti ≤...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added yesterday27 views

📄 Atlassian Central GraphQL Email Enumeration

The loomUnauthenticatedprimaryAuthTypeForEmail GraphQL query on Atlassian's central GraphQL gateway returns different responses depending on whether an email address is registered with Atlassian, allowing unauthenticated user enumeration. CVE-2026-XXXX: Atlassian Central GraphQL — Email Enumerati...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2 days ago39 views

📄 Control Web Panel 0.9.8.1224 SQL Injection

Control Web Panel versions 0.9.8.1224 and below suffer from a remote SQL injection vulnerability via the userRes POST parameter. --------------------------------------------------------------------- Control Web Panel = 0.9.8.1224 userRes SQL Injection Vulnerability...

9.8CVSS5.9AI score0.00581EPSS
Exploits1
Packet Storm
Packet Storm
added 2 days ago24 views

📄 Flowise CSV Agent Prompt Injection Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper...

9.8CVSS6.2AI score0.01028EPSS
Exploits3
Packet Storm
Packet Storm
added 3 days ago25 views

📄 ProtonVPN 4.4.1 Unquoted Service Path

ProtonVPN version 4.4.1 suffers from an unquoted service path vulnerability. Exploit Title: ProtonVPN v4.4.1 - Unquoted Service Path Date: 2026-06-22 Exploit Author: Milad Karimi Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage:...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 4 days ago36 views

📄 WordPress WP Full Stripe Free 8.4.3 Missing Authorization

The WP Full Stripe Free plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 8.4.3 via the wpfsupdatefailedpaymentstatus AJAX action. CVE-2026-12432: WP Full Stripe Free = 8.4.4 - Published: June 26, 2026 - Last Updated: June 27, 2026 - Researcher: Netwurm...

5.3CVSS5.8AI score0.00323EPSS
Exploits2
Packet Storm
Packet Storm
added 4 days ago42 views

📄 ICagenda 3.9.14 / 4.0.7 Shell Upload

iCagenda, a popular events and calendar component for Joomla, contains an unauthenticated file upload vulnerability that allows remote attackers to upload and execute arbitrary PHP code on Joomla 6 sites. Versions 3.2.1 through 3.9.14 and 4.0.0 through 4.0.7 are affected.:1 CVE-2026-48939 -...

10CVSS6.2AI score0.00522EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.31 views

📄 Peyara Remote Mouse 1.0.1 Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Peyara Remote Mouse 1.0.1. The application exposes a Socket.IO WebSocket service on TCP port 1313 and accepts unauthenticated keyboard input events. The module sends keyboard events to open the Windows comma...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.26 views

📄 Docmost 0.70.x Authorization Bypass

A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace. Versions 0.3.0 through 0.70.x are affected. CVE-2026-34213 A low-privileged Docmost user could supply a victim attachmentId to...

5.4CVSS5.8AI score0.0017EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.28 views

📄 Docmost 0.70.2 Authorization Bypass

In Docmost versions 0.70.0 through 0.70.2, restricted child pages hidden from public share viewers could still leak through public share search results. CVE-2026-33146 A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages...

4.3CVSS5.8AI score0.00213EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.27 views

📄 Penpot Server-Side Request Forgery

Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin server-side request forgery because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering. CVE-2026-45806 Penpot's remote...

5.8AI score0.00032EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.34 views

📄 Yeoman Environment 6.0.0 Code Execution

Yeoman Environment versions 2.9.0 through 6.0.0 have an issue where missing generators can be installed without user confirmation, turning attacker-controlled project metadata into a package-install and code-execution path. CVE-2026-42089 A local package installation helper trusted caller-supplie...

8.6CVSS5.8AI score0.00139EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.25 views

📄 TypeBot Server-Side Request Forgery

TypeBot versions prior to 3.16.0 suffer from a server-side request forgery vulnerability. CVE-2026-34207 The SSRF filter checked hostname text, but the actual destination was decided later by DNS. That gap let attacker-controlled Webhook URLs reach loopback, metadata, and private network targets...

7.6CVSS5.8AI score0.00239EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.19 views

📄 Docmost Cross Site Scripting

Docmost versions prior to 0.71.0 suffer from a persistent cross site scripting vulnerability. CVE-2026-34212 Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin. Intro I...

5.4CVSS5.4AI score0.00197EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.25 views

📄 phpSysInfo 3.4.5 IP Allowlist Bypass

phpSysInfo versions 3.4.5 and below suffer from an IP Allowlist bypass vulnerability. CVE-2026-55584 - phpSysInfo IP Allowlist Bypass CWE-290, CVSS 7.5 High, phpSysInfo = 3.4.5 Refs: GHSA-786w-p5pm-cvgh, CVE.org PSIALLOWED resolves the client IP from the attacker-controlled X-Forwarded-For then...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/26 12:0 a.m.26 views

📄 Plane Improper Authorization

Plane's asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user read, copy, delete, and overwrite assets in other workspaces. All versions prior to 1.3.1 are affected. CVE-2026-46558 Plane’s V2 asset subsystem trusted...

8.3CVSS5.8AI score0.0028EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/25 12:0 a.m.43 views

📄 Dalfox Found-Action Deserialization Remote Code Execution

When dalfox versions less than or equal to 2.12.0 is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options - including FoundAction and FoundActionShell - is...

10CVSS6AI score0.01147EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/24 12:0 a.m.37 views

📄 HTTP.sys HTTP/2 Denial of Service

This advisory provides simple proof of concept details to trigger the HTTP/2 denial of service condition related to malformed Accept-Encoding headers. Titles: CVE-2026-49160 - HTTP.sys HTTP/2 Denial of Service DoS Vulnerability Author: nu11secur1ty Date: 06/24/2026 Vendor: Microsoft Corporation...

7.5CVSS6.1AI score0.48438EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.35 views

📄 N-able Mail Assure Authentication Bypass

N-able Mail Assure appears to suffer from a cross-tenant authentication bypass vulnerability via spoofing. CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure CVE ID: CVE-2025-68624 Status: DISPUTED CWE: CWE-290 Authentication Bypass by Spoofing Affected Product:...

5.9AI score
Exploits1
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.43 views

📄 PHP 8.5.7 dom_xml_serialization_algorithm() Stack Overflow

PHP version 8.5.7 suffers from a stack overflow vulnerability due to unbounded recursion in domxmlserializationalgorithm and domxmlserializeelementnode. PHP 8.5.7 domxmlserializationalgorithm stack-overflow Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory:...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.45 views

📄 Sprecher Automation SPRECON-E-C/-E-P/-E-T3 Missing Secure-Boot / Static Passwords

Sprecher Automation SPRECON-E-C/-E-P/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory, use of static passwords, and hard-coded vendor accounts. SEC Consult Vulnerability Lab Security Advisory...

9.8CVSS5.8AI score0.00851EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.43 views

📄 PHP 8.5.7 levenshtein() Signed-Integer Overflow

The levenshtein function calculates the Levenshtein distance between two strings, optionally accepting custom costs for insertion, replacement, and deletion operations. In PHP version 8.5.7, the implementation lacks proper bounds checking for these cost parameters. PHP 8.5.7 levenshtein...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.31 views

📄 OpenBSD sppp_pap_input PAP Authentication Bypass

OpenBSD suffers from a PAP authentication bypass vulnerability via a zero-length bcmp. All versions through 7.6 are affected. ------------------------------------------------------------------------ OpenBSD sppppapinput: PAP Authentication Bypass via Zero-Length bcmp...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.44 views

📄 PHP 8.5.7 mb_substr() Underflow

PHP version 8.5.7 suffers an underflow condition that can be exploited to trigger a denial of service condition. PHP 8.5.7 mbsubstr 'SJIS-mac' sizet underflow Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory: https://fereidani.com/php-857-mbsubstr-sjis-mac-sizet-underflow Contact:...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.42 views

📄 OpenBSD mpls_do_error Stack Disclosure

OpenBSD suffers from an mplsdoerror remote kernel stack disclosure vulnerability via an MPLS label stack. ------------------------------------------------------------------------ OpenBSD mplsdoerror: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read...

6.9CVSS5.9AI score0.00423EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.47 views

📄 PHP 8.5.7 FILTER_SANITIZE_ENCODED Uninitialized Read

PHP version 8.5.7 suffers from an uninitialized read issue that does not appear immediately useful for any sort of exploitation. PHP 8.5.7 FILTERSANITIZEENCODED uninitialized read Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory:...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.42 views

📄 Worksnaps.net Worksnaps Hardcoded Root Cloud Credentials

Silver Leaf Technologies - Worksnaps.net Worksnaps suffers from a hardcoded credential vulnerability. Several application binaries contained hardcoded credentials, such as AWS access keys and S3 bucket names, which granted access to the production environment. Those hardcoded AWS cloud credential...

9.3CVSS5.9AI score0.00388EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/19 12:0 a.m.37 views

📄 TOTOLINK N300RH Buffer Overflow

This is a Metasploit auxiliary module that targets a stack-based buffer overflow in the TOTOLINK N300RH router's setWiFiBasicConfig CGI handler. The vulnerability occurs when the KeyStr parameter is copied into a fixed-size stack buffer without proper bounds checking. Version V6.1c.1390B20191101 ...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/19 12:0 a.m.38 views

📄 Android Kernel /dev/umts_ipc0 Out-Of-Bounds Read / Write

Proof of concept exploit targeting a vulnerability in an Android kernel driver related to GNSS/UMTS IPC /dev/umtsipc0. ================================================================================================================================== | Title : Android Kernel Exploit OOB Read/Write...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/19 12:0 a.m.31 views

📄 Veno File Manager 4.4.9 Log Disclosure

This Metasploit module allows unauthenticated attackers to download application logs from Veno File Manager version 4.4.9 by exploiting the save-csv.php endpoint. ================================================================================================================================== |...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/19 12:0 a.m.34 views

📄 Veno File Manager 4.4.9 Arbitrary File Read / Log Disclosure

Veno File Manager version 4.4.9 proof of concept exploit that demonstrates file and log disclosure vulnerabilities. ================================================================================================================================== | Title : Veno File Manager 4.4.9 - Exploit Tool |...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/19 12:0 a.m.33 views

📄 HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS7AI score0.26468EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.41 views

📄 Grav CMS Zip Slip Remote Code Execution

This Metasploit module exploits a vulnerability in Grav CMS versions prior to 2.0.0-beta.2. The Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files...

9.1CVSS5.3AI score0.03934EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.45 views

📄 Microsoft Windows Kernel ISO Mount / Oplock Deserialization Denial of Service

Proof of concept exploit for a logic-based denial of service vulnerability in Windows 11 25H2 Build 26200 that causes permanent kernel state corruption through ISO mounting, oplocks, and Windows Defender scanning...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.41 views

📄 WordPress WP Maps Pro 6.1.0 Authentication Bypass

A vulnerability in the WP Maps Pro plugin for WordPress allows unauthenticated attackers to generate valid authentication tokens via the wpgmptempaccessajax AJAX action. The vulnerability exists because the nonce check can be bypassed, allowing attackers to obtain a temporary access token that...

9.8CVSS5.4AI score0.09461EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.35 views

📄 Wing FTP Server 8.1.2 Remote Code Execution via Session Poisoning

This proof of concept remote code execution exploit abuses a flaw in how Wing FTP Server handles admin session serialization, specifically the mydirectory basefolder field. Version 8.1.2 is affected...

8.6CVSS6.2AI score0.02643EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.39 views

📄 WordPress PickPlugins 2.0.46 OTP Bypass

WordPress PickPlugins plugin version 2.0.46 proof of concept user verification OTP authentication bypass exploit. ================================================================================================================================== | Title : WordPress PickPlugins 2.0.46 User...

9.8CVSS5.3AI score0.00578EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.39 views

📄 Genetec RabbitMQ Local Privilege Escalation

Genetec RabbitMQ local privilege escalation proof of concept exploit for Windows mimicking techniques used in token impersonation-based attacks such as Rotten Potato–style methods...

7.8CVSS5.3AI score0.00145EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.38 views

📄 Microsoft Windows Defender MsMpEng.exe Race Condition / Privilege Escalation

A race condition exists between Windows Defender's MpCleanCallbackFunction cleanup routine and Volume Shadow Copy creation. This vulnerability allows an attacker to escalate privileges to NT AUTHORITY\SYSTEM. This Metasploit module demonstrates the issue...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.36 views

📄 Microsoft Windows Defender MsMpEng.exe Race Condition / Privilege Escalation

This PowerShell script demonstrates a local privilege escalation attack targeting a race condition in the Windows Defender engine MsMpEng.exe. ================================================================================================================================== | Title : Windows...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.46 views

📄 CMS Academy Booking 1.0 SQL Injection

CMS Academy Booking version 1.0 suffers from a remote SQL injection vulnerability. ================================================================================================================================== | Title : CMS academy booking v1.0 sql injection vulnerability | | Author : indoush...

5.8AI score
Exploits0
Total number of security vulnerabilities50738