
50738 matches found

Packet Storm, added 2025/12/18 12:0 a.m., 167 views

📄 Keras 2.15 Insecure Deserialization

Keras version 2.15 insecure deserialization proof of concept exploit. A security issue in certain versions of Keras allows attackers to craft a malicious model file, typically a .keras or HDF5-based model, containing unsafe serialization primitives. When such a model is loaded, the deserialization...

CVSS 4.8 | AI score 4.7 | EPSS 0.00901 | Exploits: 5
Packet Storm, added 2025/12/18 12:0 a.m., 154 views

📄 Langflow 1.3.0 Remote Code Execution

A critical remote code execution vulnerability exists in Langflow that allows unauthenticated attackers to execute arbitrary system commands via the code validation API endpoint. The vulnerability enables complete compromise of Langflow instances through improper input sanitization in the Python...

CVSS 9.8 | AI score 10 | EPSS 0.99968 | Exploits: 33
Packet Storm, added 2025/12/18 12:0 a.m., 167 views

📄 js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. Title: js2py v0.74 Automated Sandbox Escape & Revers...

CVSS 5.3 | AI score 8.3 | EPSS 0.04548 | Exploits: 22
Packet Storm, added 2025/12/18 12:0 a.m., 167 views

📄 Laravel Pulse 1.3.1 Arbitrary Code Injection

Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability...

CVSS 8.8 | AI score 7.7 | EPSS 0.28571 | Exploits: 3
Packet Storm, added 2025/12/18 12:0 a.m., 173 views

📄 Jenkins 2.441 Arbitrary File Read

Jenkins version 2.441 proof of concept arbitrary file read exploit. Title: Jenkins 2.441 read files Vulnerability | Author: indoushka | Tested on:...

CVSS 9.8 | AI score 7.1 | EPSS 0.99999 | Exploits: 46
Packet Storm, added 2025/12/18 12:0 a.m., 162 views

📄 Mantis Bug Tracker 2.3.0 Remote Code Execution

Mantis Bug Tracker version 2.3.0 unauthenticated remote code execution exploit that chains together two vulnerabilities. The exploit resets the administrator password and then takes advantage of a command injection vulnerability. Exploit Title: Mantis Bug Tracker 2.3.0 - Remote Code Execution...

CVSS 8.8 | AI score 8.8 | EPSS 0.90856 | Exploits: 12
Packet Storm, added 2025/12/18 12:0 a.m., 147 views

📄 Juniper ScreenOS 6.2.0r15 Backdoor Scanner

Juniper ScreenOS version 6.2.0r15 SSH backdoor scanner written in PHP. Title: Juniper ScreenOS 6.2.0r15 PHP Backdoor Scanner | Author: indoushka |...

CVSS 10 | AI score 8.2 | EPSS 0.614 | Exploits: 7
Packet Storm, added 2025/12/18 12:0 a.m., 170 views

📄 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner

A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to 2.5.1. An unauthenticated attacker may include arbitrary files via path traversal. This may lead to sensitive file disclosure a...

CVSS 9.8 | AI score 7.1 | EPSS 0.76761 | Exploits: 39
Packet Storm, added 2025/12/18 12:0 a.m., 177 views

📄 Headlamp 0.38.0 Credential Reuse

A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse cached credentials to access Helm functionality through the Headlamp UI. Kubernetes clusters are only affected if Headlamp is installed, is configured with config.enableHelm: tru...

AI score 6.9 | Exploits: 2
Packet Storm, added 2025/12/17 12:0 a.m., 184 views

📄 WordPress GiveWP Donation 3.14.1 PHP Object Injection

WordPress GiveWP Donation Fundraising Platform version 3.14.1 suffers from a PHP code injection vulnerability. This script exploits a different vector than the prior submissions from this researcher...

CVSS 10 | AI score 7.6 | EPSS 0.74283 | Exploits: 11
Packet Storm, added 2025/12/17 12:0 a.m., 156 views

📄 Invision Community 5.0.6 customCss Expression Injection

Invision Community version 5.0.6 customCss expression injection proof of concept exploit written in PHP. Title: Invision Community 5.0.6 customCss...

CVSS 10 | AI score 7.4 | EPSS 0.79174 | Exploits: 6
Packet Storm, added 2025/12/17 12:0 a.m., 199 views

📄 FastAPI‑Based Delivery Server Proof of Concept

This proof of concept demonstrates how legacy ActiveX objects in Internet Explorer can be invoked automatically when a crafted HTML payload is delivered by a minimal HTTP server. The proof of concept shows automatic execution attempts using WScript.Shell and Shell.Application without additional...

CVSS 7.8 | AI score 6.9 | EPSS 0.01466 | Exploits: 5
Packet Storm, added 2025/12/17 12:0 a.m., 178 views

📄 ionCube Loader Wizard 14.4.0 Scanner

ionCube Loader Wizard version 2.34 scanner that looks for the installation file and displays PHP info to gather more information about the target. Title:...

AI score 6.8 | Exploits: 0
Packet Storm, added 2025/12/17 12:0 a.m., 143 views

📄 Institute Admission Software 2.5 Insecure Direct Object Reference

Institute Admission Software version 2.5 suffers from an insecure direct object reference vulnerability. Title: Institute Admission Software 2.5 IDOR...

AI score 7 | Exploits: 0
Packet Storm, added 2025/12/17 12:0 a.m., 191 views

📄 HighPortal 12.x SQL Injection

HighPortal version 12.x remote SQL injection proof of concept exploit. Title: HighPortal v12.x SQL Injection Exploit | Author: indoushka | Tested o...

AI score 8.2 | Exploits: 0
Packet Storm, added 2025/12/17 12:0 a.m., 148 views

📄 ICTBroadcast 7.0 Remote Code Execution

A vulnerability in ICTBroadcast version 7.0 allows unauthenticated remote command execution due to improper handling of session cookie values. An attacker can modify cookie entries to inject system commands that the application unintentionally executes...

CVSS 9.3 | AI score 7.6 | EPSS 0.06078 | Exploits: 3
Packet Storm, added 2025/12/17 12:0 a.m., 169 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...

CVSS 9.8 | AI score 7.2 | EPSS 0.07285 | Exploits: 5
Packet Storm, added 2025/12/17 12:0 a.m., 199 views

📄 Invoice Ninja 5.8.22 PHP Code Injection

Invoice Ninja version 5.8.22 remote proof of concept exploit for a PHP code injection vulnerability. Title: Invoice Ninja v 5.8.22 PHP Code Injection...

CVSS 8.8 | AI score 7.7 | EPSS 0.065 | Exploits: 5
Packet Storm, added 2025/12/17 12:0 a.m., 147 views

📄 IGEL OS Workspace Edition 11.10.430 Persistent Payload

IGEL OS Workspace Edition version 11.10.430 contains a persistence mechanism that allows authenticated attackers with root access to establish persistent code execution through the system's registry configuration. The vulnerability leverages IGEL OS's custom registry system and mount point...

AI score 7.6 | Exploits: 0
Packet Storm, added 2025/12/17 12:0 a.m., 163 views

📄 Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection

Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language (EL) injection in the /mifs/rs/api/v2/featureusage endpoint...

CVSS 8.8 | AI score 8.1 | EPSS 0.99891 | Exploits: 10
Packet Storm, added 2025/12/17 12:0 a.m., 180 views

📄 IBM BigFix Platform 9.2 Information Disclosure

IBM BigFix Platform version 9.2 information gathering proof of concept exploit. Title: IBM BigFix Platform 9.2 gather information Vulnerability | Auth...

CVSS 5.3 | AI score 6.7 | EPSS 0.22547 | Exploits: 2
Packet Storm, added 2025/12/16 12:0 a.m., 151 views

📄 Hestia Control Panel 1.9.3 Code Execution

Hestia Control Panel version 1.9.3 code injection proof of concept exploit written in PHP that leverages cronjobs. Title: Hestia Control Panel 1.9.3 PHP...

AI score 7.7 | Exploits: 0
Packet Storm, added 2025/12/16 12:0 a.m., 234 views

📄 Gnuboard 5.6.23 SQL Injection / Code Execution

Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution. Title: Gnuboard v5.6.23...

CVSS 9.8 | AI score 9.1 | EPSS 0.05377 | Exploits: 4
Packet Storm, added 2025/12/16 12:0 a.m., 201 views

📄 Control Web Panel 0.9.8.1208 Command Injection

Control Web Panel versions 0.9.8.1208 and below suffer from an issue where user input passed via the key GET parameter to /admin/index.php when the api parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject...

AI score 7.8 | EPSS 0.01186 | Exploits: 3
Packet Storm, added 2025/12/16 12:0 a.m., 152 views

📄 Craft CMS 5.0 Twig Template Injection Scanner

This is a mass scanning script for the Craft CMS version 5.0 Twig template injection vulnerability. Title: Craft CMS 5.0 Twig Template Injection – Mass...

CVSS 9.8 | AI score 7.4 | EPSS 0.97446 | Exploits: 9
Packet Storm, added 2025/12/16 12:0 a.m., 147 views

📄 HTMLDOC 1.9.13 Stack Buffer Overflow

Proof of concept exploit written in PHP for HTMLDOC version 1.9.13 that generates a malicious BMP file that will trigger a stack buffer overflow vulnerability...

CVSS 7.8 | AI score 8 | EPSS 0.07349 | Exploits: 4
Packet Storm, added 2025/12/16 12:0 a.m., 197 views

📄 HighCMS 12.x SQL Injection

HighCMS version 12.x remote SQL injection proof of concept exploit written in Python. Title: HighCMS v12.x SQL Injection Exploit | Author: indoushka ...

AI score 8.2 | Exploits: 0
Packet Storm, added 2025/12/16 12:0 a.m., 152 views

📄 WordPress Omnipress 1.6.3 Cross Site Scripting

WordPress Omnipress plugin versions 1.6.3 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin Keywords: CVE-2025-XXXXX, Omnipress WordPress vulnerability, stored XSS, WordPress security, authenticated XSS...

CVSS 6.4 | AI score 6.4 | EPSS 0.00298 | Exploits: 2
Packet Storm, added 2025/12/16 12:0 a.m., 254 views

📄 WIX.com Cross Site Scripting

WIX.com appears to suffer from a cross site scripting vulnerability. The researcher contacted them months ago and they have ignored his report, so we are posting this to encourage them to address it and to let their users know that they could be affected by this vulnerability. Titles: WIX.com /...

AI score 6.4 | Exploits: 0
Packet Storm, added 2025/12/16 12:0 a.m., 430 views

📄 Bitrix24 25.100.300 Remote Code Execution

Bitrix24 versions 25.100.300 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. This...

AI score 7.7 | EPSS 0.01028 | Exploits: 3
Packet Storm, added 2025/12/16 12:0 a.m., 311 views

📄 Grav CMS 1.7.49.5 Sandbox Bypass

This code is a standalone PHP proof of concept exploit targeting Grav CMS version 1.7.49.5 that demonstrates an authenticated remote code execution vulnerability caused by a Twig server-side template injection combined with a sandbox bypass...

CVSS 9.6 | AI score 8.5 | EPSS 0.0264 | Exploits: 5
Packet Storm, added 2025/12/16 12:0 a.m., 681 views

📄 1C-Bitrix 25.100.500 Remote Code Execution

1C-Bitrix versions 25.100.500 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. Thi...

AI score 7.7 | EPSS 0.01549 | Exploits: 4
Packet Storm, added 2025/12/16 12:0 a.m., 373 views

📄 HTTP/2 Rapid Reset DoS Tester

This is an HTTP/2 Rapid Reset denial of service testing tool. It provides a comprehensive method for testing CVE-2023-44487 with cross-system compatibility, improved user interface, and detailed reporting capabilities...

CVSS 7.5 | AI score 7.4 | EPSS 0.99999 | Exploits: 19
Packet Storm, added 2025/12/15 12:0 a.m., 231 views

📄 Figma Desktop Application 125.6.5 Remote Code Execution

Figma Desktop Application version 125.6.5 proof of concept remote code execution exploit that leverages the plugin manifest. Title: Figma Desktop...

CVSS 8.4 | AI score 8.2 | EPSS 0.01058 | Exploits: 3
Packet Storm, added 2025/12/15 12:0 a.m., 198 views

📄 flatCore 1.5 Shell Upload

flatCore version 1.5 proof of concept remote shell upload exploit. Title: flatCore 1.5 Advanced File Upload Exploit | Author: indoushka | Tested on...

CVSS 8.8 | AI score 7.3 | EPSS 0.02254 | Exploits: 4
Packet Storm, added 2025/12/15 12:0 a.m., 153 views

📄 FoxCMS 1.0 Code Injection

FoxCMS version 1.0 proof of concept remote code injection exploit. Title: FoxCMS v1.0 php code innjection | Author: indoushka | Tested on: windows...

CVSS 9.8 | AI score 8.1 | EPSS 0.43655 | Exploits: 11
Packet Storm, added 2025/12/15 12:0 a.m., 171 views

📄 Docker Compose 2.40.3 Command Execution

Docker Compose version 2.40.3 proof of concept provider type PHP command execution exploit. Title: Docker Compose v 2.40.3 Provider Type PHP Command...

AI score 7.4 | Exploits: 0
Packet Storm, added 2025/12/15 12:0 a.m., 149 views

📄 GetSimple CMS 3.3.16 Cross Site Request Forgery

GetSimple CMS version 3.3.16 cross site request forgery proof of concept that deletes all backups without user confirmation. Title: GetSimple CMS 3.3.16...

CVSS 7.2 | AI score 6.8 | EPSS 0.07548 | Exploits: 3
Packet Storm, added 2025/12/15 12:0 a.m., 208 views

📄 Flask 3.0.0 Command Injection

Flask 3.0.0 proof of concept exploit that demonstrates multiple command injection vulnerabilities. Title: Flask 3.0.0 Command Injection | Author:...

AI score 7.9 | Exploits: 0
Packet Storm, added 2025/12/15 12:0 a.m., 160 views

📄 dotCMS 25.07.02-1 Security Scanner

dotCMS version 25.07.02-1 python scanning script that looks for remote SQL injection. Title: dotCMS 25.07.02-1 Security Scanner | Author: indoushka |...

CVSS 9.4 | AI score 7.8 | EPSS 0.01558 | Exploits: 4
Packet Storm, added 2025/12/12 12:0 a.m., 157 views

📄 Drupal 11.x-dev Information Disclosure

Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. Title: Drupal 11.x-dev full Information Disclosure |...

CVSS 5.3 | AI score 6.9 | EPSS 0.09269 | Exploits: 4
Packet Storm, added 2025/12/12 12:0 a.m., 200 views

📄 Elementor Website Builder SQL Injection

Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior to 3.12.2. Title: Elementor...

CVSS 7.2 | AI score 8.2 | EPSS 0.19695 | Exploits: 7
Packet Storm, added 2025/12/12 12:0 a.m., 176 views

📄 Grav CMS Twig SSTI Authenticated Sandbox Bypass Remote Code Execution

This Metasploit module exploits a Server-Side Template Injection (SSTI) vulnerability (CVE-2025-66294) in Grav CMS that allows bypassing the Twig sandbox to achieve remote code execution. The cleanDangerousTwig method uses weak regex that fails to sanitize nested Twig calls within the evaluatetwig...

CVSS 9.6 | AI score 8.3 | EPSS 0.0264 | Exploits: 5
Packet Storm, added 2025/12/12 12:0 a.m., 138 views

📄 Desktop XDG 1.0 Code Execution

This proof of concept generates a malicious file that allows for arbitrary code execution in Desktop XDG version 1.0. Title: Desktop XDG v1.0 Malicious...

AI score 7.9 | Exploits: 0
Packet Storm, added 2025/12/12 12:0 a.m., 192 views

📄 dotCMS 24.04.24 Vulnerability Scanner

dotCMS version 24.04.24 advanced exploitation python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. Title:...

AI score 7.4 | Exploits: 0
Packet Storm, added 2025/12/12 12:0 a.m., 189 views

📄 Azuriom CMS 1.2.6 Client-Side Template Injection

A client-side template injection vulnerability affects the Azuriom CMS Admin Dashboard in version 1.2.6. Several dashboard components (widgets, plugins, and admin panels) render untrusted user input inside the administrator's browser. Low-privileged users can inject template expressions that execut...

CVSS 8.8 | AI score 7.5 | EPSS 0.00359 | Exploits: 2
Packet Storm, added 2025/12/12 12:0 a.m., 161 views

📄 Eramba GRC 3.19.1 Command Injection

Eramba GRC platform version 3.19.1 proof of concept command injection exploit. Title: Eramba GRC platform 3.19.1 Command injection in download-test-pdf...

CVSS 8.8 | AI score 7.7 | EPSS 0.57359 | Exploits: 6
Packet Storm, added 2025/12/12 12:0 a.m., 159 views

📄 FlatPress 1.3 Shell Upload

FlatPress version 1.3 remote shell upload proof of concept exploit that leverages a cross site request forgery vulnerability. Title: FlatPress 1.3 shell...

AI score 7 | Exploits: 0
Packet Storm, added 2025/12/12 12:0 a.m., 147 views

📄 EduplusCampus Student Portal 3.0.1 Insecure Direct Object Reference

EduplusCampus Student Portal version 3.0.1 suffers from an insecure direct object reference vulnerability. Title: EduplusCampus student portal v 3.0.1...

CVSS 6.5 | AI score 7 | EPSS 0.00302 | Exploits: 3
Packet Storm, added 2025/12/11 12:0 a.m., 159 views

📄 Broadcom Wi-Fi Firmware Out-Of-Bounds Write

Broadcom Wi-Fi firmware remote code execution exploit via an out-of-bounds write in the RRM Neighbor Report Handler. Title: Broadcom 802.11k Remote Code...

CVSS 10 | AI score 8.5 | EPSS 0.09129 | Exploits: 3
Total number of security vulnerabilities: 50738