50738 matches found

Packet Storm
added 2026/02/05 12:0 a.m. | 136 views

📄 Online Admission Software 2.6 Insecure Direct Object Reference

Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. Title: Online Admission Software 2.6 IDOR...

5.3 AI score
Exploits: 0

Packet Storm
added 2026/02/05 12:0 a.m. | 165 views

📄 NPU Driver Use-After-Free Detector

This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...

7.8 CVSS | 5.3 AI score | 0.00109 EPSS
Exploits: 1

Packet Storm
added 2026/02/05 12:0 a.m. | 172 views

📄 Ingress-NGINX Admission Controller 1.11.1 Remote Code Execution

Ingress-NGINX Admission Controller version 1.11.1 remote code execution proof of concept exploit that chains together multiple vulnerabilities. Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage:...

9.8 CVSS | 6.4 AI score | 0.99098 EPSS
Exploits: 21

Packet Storm
added 2026/02/05 12:0 a.m. | 127 views

📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow

D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...

9.8 CVSS | 8.2 AI score | 0.03039 EPSS
Exploits: 3

Packet Storm
added 2026/02/04 12:0 a.m. | 123 views

📄 Mutiny 5.0-1.07 Directory Traversal

Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. Title: Mutiny 5.0-1.07...

8.5 CVSS | 5.2 AI score | 0.40338 EPSS
Exploits: 8

Packet Storm
added 2026/02/04 12:0 a.m. | 189 views

📄 MotionEye Frontend 0.43.1b4 Command Injection

Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4. Title: MotionEye Frontend 0.43.1b4 RCE | Author...

7.2 CVSS | 5.3 AI score | 0.2442 EPSS
Exploits: 16

Packet Storm
added 2026/02/04 12:0 a.m. | 154 views

📄 Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. Title: Monstra CMS 3.0.4 shell upload Vulnerability | Author: indoushka |...

5.4 AI score
Exploits: 0

Packet Storm
added 2026/02/04 12:0 a.m. | 271 views

📄 mPDF 8.1.0 Server-Side Request Forgery / Local File Disclosure / DoS

mPDF version 8.1.0 is vulnerable to multiple security issues related to unsafe handling of external resources, file paths, and image content during HTML-to-PDF rendering. When untrusted or partially trusted HTML input is processed, attackers may exploit insufficient validation to trigger...

5.6 AI score
Exploits: 0

Packet Storm
added 2026/02/04 12:0 a.m. | 187 views

📄 Go crypto/x509 Hostname Verification Denial of Service

A denial of service vulnerability exists in the Go programming language crypto/x509 package. The issue occurs during TLS hostname verification when constructing error messages for certificates containing a very large number of DNS names. In affected versions, error message construction uses...

7.5 CVSS | 5.5 AI score | 0.00459 EPSS
Exploits: 2

Packet Storm
added 2026/02/04 12:0 a.m. | 119 views

📄 NanoMQ 0.24.6 API SQL Rule Engine Buffer Overflow

This script is a proof of concept used to test NanoMQ's API for improper input handling. It sends an intentionally long and malformed SQL alias through the /api/v4/rules endpoint to check whether the service safely rejects the input or crashes. The code does not achieve real remote code execution...

6.5 AI score
Exploits: 0

Packet Storm
added 2026/02/04 12:0 a.m. | 119 views

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

7.2 CVSS | 6.3 AI score | 0.00454 EPSS
Exploits: 1

Packet Storm
added 2026/02/04 12:0 a.m. | 126 views

📄 NCR Command Center Agent 16.3 Remote Command Execution

Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...

10 CVSS | 9 AI score | 0.87383 EPSS
Exploits: 3

Packet Storm
added 2026/02/04 12:0 a.m. | 151 views

📄 Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass

This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...

5.5 AI score
Exploits: 0

Packet Storm
added 2026/02/04 12:0 a.m. | 158 views

📄 Blesta 5.13.1 2Checkout PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...

7.5 CVSS | 6.3 AI score | 0.00387 EPSS
Exploits: 1

Packet Storm
added 2026/02/04 12:0 a.m. | 207 views

📄 Nagios XI Monitoring Wizard Command Injection

Nagios XI is a widely used enterprise monitoring solution. A vulnerability exists within the Monitoring Wizard configuration page where the database parameter is unsafely passed into backend operations. Authenticated users can exploit this to execute arbitrary system commands, allowing full remot...

8.8 CVSS | 5.9 AI score | 0.25922 EPSS
Exploits: 2

Packet Storm
added 2026/02/04 12:0 a.m. | 168 views

📄 Blesta 5.13.1 Cross Site Scripting

Blesta versions 3.2.0 through 5.13.1 suffer from a cross site scripting vulnerability. User input passed through the confirmurl GET parameter to the /dialog/confirm and /clientdialog/confirm/ endpoints is not properly sanitized before being used to generate HTML output; specifically, before being...

4.7 CVSS | 4.9 AI score | 0.00383 EPSS
Exploits: 1

Packet Storm
added 2026/02/03 12:0 a.m. | 160 views

📄 Casdoor 2.283.0 Cross Site Request Forgery

Casdoor version 2.283.0 suffers from a cross site request forgery vulnerability. Related CVE number: CVE-2023-34927. Exploit Title: Casdoor v2.283.0 2026-02-02 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.283.0 Date: 03/02/2026 Exploit Author: Van Lam Nguyen Facebook:...

6.5 CVSS | 5 AI score | 0.03093 EPSS
Exploits: 10

Packet Storm
added 2026/02/03 12:0 a.m. | 163 views

📄 LimeSurvey 5.2.4 Remote Code Execution

Proof of concept exploit for LimeSurvey version 5.2.4 that loads a malicious PHP plugin and executes a reverse shell. Title: LimeSurvey 5.2.4 reverse...

9 CVSS | 5.4 AI score | 0.12579 EPSS
Exploits: 3

Packet Storm
added 2026/02/03 12:0 a.m. | 180 views

📄 Flask-Uploads 0.2.1 Path Traversal / Arbitrary File Write

Flask-Uploads versions 0.2.1 and below Metasploit module that exploits a path traversal vulnerability to achieve an arbitrary file write. Title:...

5.5 AI score
Exploits: 0

Packet Storm
added 2026/02/03 12:0 a.m. | 150 views

📄 Chromium Memory Corruption Trigger Simulation

This is a theoretical trigger simulation for a Chromium-class vulnerability associated with memory corruption scenarios commonly affecting the V8 JavaScript engine or the Blink rendering engine. The code intentionally performs heap allocation patterns and unsafe memory access attempts in order to...

6.5 CVSS | 6.1 AI score | 0.00224 EPSS
Exploits: 1

Packet Storm
added 2026/02/03 12:0 a.m. | 137 views

📄 Podinfo 6.10.0 Cross Site Scripting

Podinfo versions 6.10.0 and below suffer from a cross site scripting vulnerability. CVE-2025-70849: Stored XSS in Podinfo Summary A security vulnerability CWE-79 was identified in Podinfo, a web application for demonstrating Kubernetes microservices. The /store feature allows unauthenticated user...

6.1 CVSS | 4.9 AI score | 0.00244 EPSS
Exploits: 4

Packet Storm
added 2026/02/02 12:0 a.m. | 131 views

📄 Pragyan CMS 3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...

6.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 110 views

📄 FlatPress 1.0.2 Cross Site Scripting

Cross site scripting vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files. This issue is older research added to the archive. FlatPress 1.0.2 - Cross-site Scripting Advisory ID: RO-14-011 Severity: Critical Vendor: FlatPress Produc...

5.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 138 views

📄 Aggie 2.6.1 Host Header Injection

This is a detailed analysis and proof of concept exploit for CVE-2025-22381, a host header injection vulnerability discovered in Aggie version 2.6.1. CVE-2025-22381: Host Header Injection in Aggie Detailed analysis and Proof-of-Concept for CVE-2025-22381, a Host Header Injection vulnerability...

8.2 CVSS | 5.3 AI score | 0.00612 EPSS
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 155 views

📄 Appsmith 1.92 Origin Header Injection

A critical vulnerability in Appsmith version 1.92 allows an unauthenticated attacker to manipulate the Origin HTTP header during the password reset process. Due to improper trust in client‑supplied headers, Appsmith constructs password reset links based on the injected origin. This enables an...

9.6 CVSS | 5.7 AI score | 0.00393 EPSS
Exploits: 3

Packet Storm
added 2026/02/02 12:0 a.m. | 161 views

📄 MiniCMS 1.11 Exploitation Toolkit

This toolkit focuses on validating and demonstrating the impact of a known and documented design flaw in MiniCMS 1.11 related to its build process CVE-2018-1000638. MiniCMS relies on an insecure build.php script that blindly packages filesystem contents into install.php without enforcing integrit...

6.1 CVSS | 5.8 AI score | 0.02191 EPSS
Exploits: 3

Packet Storm
added 2026/02/02 12:0 a.m. | 124 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This is older research...

5 CVSS | 6.3 AI score | 0.2226 EPSS
Exploits: 6

Packet Storm
added 2026/02/02 12:0 a.m. | 121 views

📄 Clicky by Yoast 1.4.3 Cross Site Scripting

Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...

5 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 137 views

📄 WP Flash Player 1.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...

5 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 136 views

📄 BulletProof Security 0.53.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3. This issue is older research added to the archive. BulletProof Security 0.53.3 - Multiple Cross-site Scripting Advisory ID: RO-16-007 Severity: Medium Vendor: AITpro Product: BulletProof...

5 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 117 views

📄 Gibbon 14.0.01 Frame Injection

Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive. Gibbon v14.0.01 - Frame Injection Vulnerabilities Advisory ID: RO-18-012 Severity:...

5.7 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 304 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...

6.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 196 views

📄 Mailpit SMTP CRLF Injection

A CRLF injection vulnerability exists in Mailpit's SMTP server versions prior to 1.28.3. The vulnerability allows attackers to inject arbitrary SMTP headers by including carriage return characters in email addresses due to insufficient regex validation. Mailpit - SMTP CRLF Injection via Regex...

5.3 CVSS | 5.6 AI score | 0.01441 EPSS
Exploits: 4

Packet Storm
added 2026/02/02 12:0 a.m. | 146 views

📄 Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...

5.3 CVSS | 5.4 AI score | 0.0036 EPSS
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 117 views

📄 Serendipity 1.6.2 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Serendipity 1.6.2 - Cross-site Scripting Advisory ID: RO-13-002 Severity: Mediu...

5.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 154 views

📄 NetScaler 14.1 Vulnerability Scanner

This Metasploit module scans for vulnerable Citrix NetScaler ADC instances affected by the memory overflow noted in CVE-2025-6543. It identifies vulnerable versions through SNMP and SSH banner grabbing...

9.8 CVSS | 8 AI score | 0.09756 EPSS
Exploits: 4

Packet Storm
added 2026/02/02 12:0 a.m. | 137 views

📄 WordPress Hustle 7.8.4 Credential Disclosure Scanner

WordPress Hustle plugin credential disclosure security scanner that detects the installed plugin version, verifies whether it falls within known vulnerable releases 7.8.0–7.8.3, and scans for sensitive files containing hardcoded HubSpot credentials. The tool also fetches the latest official plugi...

8.6 CVSS | 5.3 AI score | 0.00789 EPSS
Exploits: 3

Packet Storm
added 2026/02/02 12:0 a.m. | 134 views

📄 Cockpit CMS 0.13.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...

5.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 136 views

📄 Cockpit CMS 0.13.0 Remote Code Execution

Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...

6.9 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 158 views

📄 MaNGOSWeb 4.0.6 Multi-Exploit Framework

A comprehensive penetration testing tool designed to identify and exploit multiple critical vulnerabilities in MangosWeb 4 version 4.0.6, a World of Warcraft emulator web interface. These include SQL injection, XML injection, file write vulnerabilities, and more...

6.1 CVSS | 5.7 AI score | 0.02574 EPSS
Exploits: 6

Packet Storm
added 2026/02/02 12:0 a.m. | 156 views

📄 Mailpit 1.28.1 Cross Site WebSocket Hijacking

A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking CSWSH Advisory ID:...

6.5 CVSS | 5.1 AI score | 0.00208 EPSS
Exploits: 2

Packet Storm
added 2026/02/02 12:0 a.m. | 136 views

📄 feedyour.email 2.4.1 SQL Injection

A SQL injection vulnerability exists in feedyour.email versions 2.4.1 and below. The vulnerability allows remote attackers to execute arbitrary SQL commands via the search functionality. feedyour.email - SQL Injection via Search Parameter Advisory ID: RO-26-003 CVE ID: CVE-2025-XXXX Pending...

6.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 137 views

📄 Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. Title: Moodle 4.x PHP Code Injection Vulnerability | Author ...

8.1 CVSS | 5.5 AI score | 0.83343 EPSS
Exploits: 8

Packet Storm
added 2026/02/02 12:0 a.m. | 152 views

📄 Apache Roller 6.1.2 Cross Site Request Forgery

Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information e.g., email, full name, locale, timezone via a crafted HTML pag...

5.1 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 197 views

📄 GIMP PNM Integer Overflow

This is a proof of concept exploit that generates a malicious .pnm file for an integer overflow vulnerability in GIMP PNM. Title: GIMP PNM Integer...

7.8 CVSS | 5.4 AI score | 0.00508 EPSS
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 214 views

📄 FreePBX Endpoint Authentication Bypass / SQL Injection

This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...

9.8 CVSS | 5.7 AI score | 0.3896 EPSS
Exploits: 8

Packet Storm
added 2026/02/02 12:0 a.m. | 143 views

📄 WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

6.1 CVSS | 4.9 AI score | 0.00917 EPSS
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 142 views

📄 Geeklog 2.2.1 Blind SQL Injection

A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive. Geeklog 2.2.1 - Blind SQL Injection Advisory ID: RO-20-002...

6.2 AI score
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 161 views

📄 Mailpit Server-Side Request Forgery

A server-side request forgery vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Versions prior to 1.28.0 are affected. Mailpit - Server-Side Request Forgery SSRF Advisory ID: RO-26-001 CVE ID: CVE-2026-21859 Severity: Medium...

5.8 CVSS | 5.4 AI score | 0.00755 EPSS
Exploits: 2

Packet Storm
added 2026/01/30 12:0 a.m. | 279 views

📄 n8n 2.0.0-rc.4 Remote Command Execution

n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...

10 CVSS | 6 AI score | 0.97875 EPSS
Exploits: 40

Total number of security vulnerabilities: 50738