
50738 matches found

Packet Storm
• added 2025/12/11 12:0 a.m. • 164 views

Cisco ISE API 3.1 Command Injection

Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.1. Title: Cisco ISE API 3.1 command injection Exploits...

CVSS 10 | AI score 7.9 | EPSS 0.96732
Exploits: 10
Packet Storm
• added 2025/12/11 12:0 a.m. • 169 views

Casdoor 2.95.0 Directory Traversal

Casdoor version 2.95.0 directory traversal proof of concept exploit. Title: Casdoor 2.95.0 Directory Traversal | Author: indoushka | Tested on:...

CVSS 6.5 | AI score 7 | EPSS 0.03093
Exploits: 10
Packet Storm
• added 2025/12/11 12:0 a.m. • 248 views

Magento SessionReaper Remote Code Execution

This Metasploit module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execution. The vulnerability stems from improper handling of nested deserialization in the payment method context, combined with an...

CVSS 9.1 | AI score 10 | EPSS 0.96742
Exploits: 9
Packet Storm
• added 2025/12/11 12:0 a.m. • 180 views

WordPress King Addons for Elementor Privilege Escalation / Remote Code Execution

This Metasploit module exploits an unauthenticated privilege escalation vulnerability in the WordPress King Addons for Elementor plugin versions 24.12.92 to 51.1.14. The vulnerability exists in the handleregisterajax function which allows unauthenticated attackers to specify the userrole paramete...

CVSS 9.8 | AI score 8.3 | EPSS 0.09142
Exploits: 4
Packet Storm
• added 2025/12/11 12:0 a.m. • 185 views

WordPress WP for CPI 1.0.2 Shell Upload

WordPress WP for CPI plugin versions 1.0.2 and below suffer from an unauthenticated shell upload vulnerability. Title: WP for CPI 1.0.2 Unauthenticated...

CVSS 9.8 | AI score 7 | EPSS 0.00699
Exploits: 1
Packet Storm
• added 2025/12/11 12:0 a.m. • 141 views

Convio CMS 24.5 SQL Injection

Convio CMS version 24.5 proof of concept remote SQL injection exploit. Title: Convio CMS v 24.5 SQL Injection Exploit | Author: indoushka | Tested ...

AI score 8.2
Exploits: 0
Packet Storm
• added 2025/12/11 12:0 a.m. • 160 views

Flowise 3.0.6 JS Parsing Injection

A JavaScript parsing injection vulnerability exists in Flowise versions prior to 3.0.6 and greater than 2.2.7-patch.1. Title: Flowise 3.0.6 JS Parsing...

CVSS 10 | AI score 7 | EPSS 0.90183
Exploits: 21
Packet Storm
• added 2025/12/10 12:0 a.m. • 190 views

Redash Authenticated Remote Command Execution

Redash's default setup uses PostgreSQL superuser credentials for its primary data source. Because users can run SQL through Redash, any authenticated account gains excessive control over the database. This allows executing system commands on the database server through PostgreSQL's COPY FROM...

AI score 7.7
Exploits: 0
Packet Storm
• added 2025/12/10 12:0 a.m. • 237 views

Palo Alto Deep Packet Inspection Information Disclosure

Proof of concept code for Palo Alto deep packet inspection data exfiltration issues that appear to affect PanOS up to version 11.2.0. Title: Palo Alto...

AI score 7.2
Exploits: 0
Packet Storm
• added 2025/12/10 12:0 a.m. • 175 views

Clinic's Patient Management System 2.0 Remote Code Execution

Clinic's Patient Management System version 2.0 proof of concept that combines SQL injection authentication bypass with an unrestricted file upload to achieve full compromise...

CVSS 9.3 | AI score 8.4 | EPSS 0.02598
Exploits: 4
Packet Storm
• added 2025/12/10 12:0 a.m. • 136 views

Zimbra Collaboration Suite Postjournal 10.1.0 Remote Code Execution

Proof of concept for a critical vulnerability in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. Version 10.1.0 is affected...

AI score 7.7
Exploits: 0
Packet Storm
• added 2025/12/10 12:0 a.m. • 137 views

Chromodo Browser 45.8.12.391 Same Origin Policy Weakness

This proof of concept demonstrates message passing between two browser windows when opened under the same logical context (same origin). It affects Chromodo Browser version 45.8.12.391...

AI score 7
Exploits: 0
Packet Storm
• added 2025/12/10 12:0 a.m. • 213 views

iOS 12 / macOS 10.14 voucher_swap Use-After-Free

Proof of concept for an older vulnerability from 2019. A use-after-free vulnerability in Apple's Mach voucher subsystem affects macOS version 10.14 and iOS version 12...

CVSS 7.8 | AI score 6.9 | EPSS 0.28548
Exploits: 3
Packet Storm
• added 2025/12/10 12:0 a.m. • 156 views

YOURLS 1.8.2 SQL Injection

Proof of concept for a remote SQL injection vulnerability in YOURLS version 1.8.2. Title: YOURLS 1.8.2 SQL Injection & System Compromise in Administrati...

CVSS 7.4 | AI score 8.2 | EPSS 0.01994
Exploits: 5
Packet Storm
• added 2025/12/10 12:0 a.m. • 168 views

is-localhost-ip 2.0.0 Restriction Bypass

is-localhost-ip version 2.0.0 suffers from a restriction bypass vulnerability. Title: is-localhost-ip 2.0.0 Restriction Bypass | Author: indoushka | ...

CVSS 6.9 | AI score 7 | EPSS 0.00357
Exploits: 2
Packet Storm
• added 2025/12/10 12:0 a.m. • 147 views

Arista NGFW 17.3.1 Information Disclosure Scanner

This is a proof of concept testing script for an information disclosure vulnerability in Arista NGFW version 17.3.1. Title: Arista NGFW 17.3.1 Informati...

CVSS 7.5 | AI score 6.4 | EPSS 0.00437
Exploits: 2
Packet Storm
• added 2025/12/10 12:0 a.m. • 410 views

Exim Vulnerability Scanner

This is a multi-phase vulnerability scanning tool designed to detect and analyze security weaknesses in Exim mail servers. The tool performs comprehensive security assessments by testing for all known Exim vulnerabilities, misconfigurations, and security weaknesses. These include remote code...

CVSS 10 | AI score 8.4 | EPSS 0.99961
Exploits: 65
Packet Storm
• added 2025/12/10 12:0 a.m. • 143 views

Xorcom CompletePBX 5.2.35 Remote Code Execution

Xorcom CompletePBX suffers from an authenticated command injection vulnerability within the Task Scheduler subsystem. An attacker with valid superadmin credentials can create a scheduled task containing unsanitized parameters that get executed by the backend, resulting in remote command execution...

CVSS 8.8 | AI score 7.6 | EPSS 0.03853
Exploits: 3
Packet Storm
• added 2025/12/09 12:0 a.m. • 166 views

Cloudbleed Scanner

Cloudbleed Scanner is a comprehensive security tool designed to detect memory leak patterns similar to the 2017 Cloudbleed incident, where Cloudflare's reverse proxies leaked uninitialized memory containing sensitive data...

AI score 6.8
Exploits: 0
Packet Storm
• added 2025/12/09 12:0 a.m. • 170 views

Beego 1.12.3 Directory Traversal / Local File Disclosure

Beego version 1.12.3 suffers from a directory traversal vulnerability that allows for local file disclosure. Title: Beego 1.12.3 Directory Traversal /...

AI score 6.8
Exploits: 0
Packet Storm
• added 2025/12/09 12:0 a.m. • 158 views

Cloudflare Memory Leak

A Python-based scanner imitates CloudBleed-style leakage detection by fetching raw HTTP response data from a target website, converting it to hexadecimal, and searching for sensitive memory patterns such as sessions, passwords, tokens, cookies, AWS keys, and stack traces. It does not exploit the...

AI score 6.8
Exploits: 0
Packet Storm
• added 2025/12/09 12:0 a.m. • 179 views

Adobe Acrobat Chrome 1.41.100 Cross Site Scripting

Adobe Acrobat Chrome extension version 1.41.100 suffers from a cross site scripting vulnerability. Title: Adobe Acrobat Chrome V 1.41.100 Extension DOM...

AI score 6.3
Exploits: 0
Packet Storm
• added 2025/12/09 12:0 a.m. • 180 views

React / Next.js Unauthenticated Remote Code Execution

A critical unauthenticated remote code execution vulnerability exists in React Server Components (RSC) Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with proto, constructor, o...

CVSS 10 | AI score 8.4 | EPSS 0.99562
Exploits: 386
Packet Storm
• added 2025/12/09 12:0 a.m. • 165 views

dotCMS 25.07.02-1 SQL Injection

This PHP script represents a sophisticated dual-method SQL Injection exploit targeting dotCMS version 25.07.02-1. The exploit combines time-based blind SQL injection and error-based SQL injection techniques to extract password hashes from the database, specifically targeting administrator account...

CVSS 9.4 | AI score 8.5 | EPSS 0.01558
Exploits: 4
Packet Storm
• added 2025/12/09 12:0 a.m. • 232 views

Pluck 4.7.7-dev2 Remote Code Execution

Pluck version 4.7.7-dev2 suffers from a remote code execution vulnerability. Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution | Date: 2024-10-26 | Exploit Author: CodeSecLab | Vendor Homepage: https://github.com/pluck-cms/pluck | Software Link: https://github.com/pluck-cms/pluck | Version: 4.74-dev5...

CVSS 9.8 | AI score 9.8 | EPSS 0.08573
Exploits: 3
Packet Storm
• added 2025/12/09 12:0 a.m. • 176 views

React 19.2.0 PHP Scanner / Remote Code Execution

This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE-2025-55182 affecting React Server Components. It leverages RSC serialization weaknesses to execute arbitrary commands and validate successful exploitation...

CVSS 10 | AI score 8.7 | EPSS 0.99562
Exploits: 372
Packet Storm
• added 2025/12/09 12:0 a.m. • 164 views

WordPress StoryChief 1.0.42 Remote Code Execution

A critical security vulnerability exists in WordPress Story Chief plugin version 1.0.42 that allows unauthenticated attackers to achieve remote code execution by exploiting the webhook featured image functionality...

CVSS 9.8 | AI score 8.3 | EPSS 0.37349
Exploits: 8
Packet Storm
• added 2025/12/09 12:0 a.m. • 187 views

Android 7 / 8 / 8.1 Pointer Disclosure

A flaw in Android's Binder IPC allowed applications to craft Parcels where binder-object metadata overlapped with string data. When unmarshalling, the kernel inserted genuine kernel pointers into attacker-controlled buffers. These could then be echoed back through services like clipboard, resulti...

CVSS 7.8 | AI score 6.7 | EPSS 0.00096
Exploits: 1
Packet Storm
• added 2025/12/09 12:0 a.m. • 244 views

Exim 4.98 SQL Injection

A vulnerability exists in Exim version 4.98 when ETRN input is serialized and passed to a SQLite backend. Time-based SQL injection allows attackers to detect conditions in SQL execution by measuring response latency...

CVSS 9.8 | AI score 8.1 | EPSS 0.75782
Exploits: 14
Packet Storm
• added 2025/12/08 12:0 a.m. • 201 views

Cacti 1.2.29 Remote Command Execution

Proof of concept exploit that demonstrates how authenticated users with access to Graph Templates in Cacti can abuse RRD invocation parameters to write arbitrary PHP files, then trigger execution leading to remote command execution. Version 1.2.29 is affected...

CVSS 8.8 | AI score 9.5 | EPSS 0.51488
Exploits: 10
Packet Storm
• added 2025/12/08 12:0 a.m. • 172 views

Django 5.1.13 SQL Injection

Django version 5.1.13 remote SQL injection vulnerability scanning script. Title: Django 5.1.13 SQL Injection Scanner | Author: indoushka | Tested o...

CVSS 9.1 | AI score 8.3 | EPSS 0.19396
Exploits: 10
Packet Storm
• added 2025/12/08 12:0 a.m. • 179 views

ClipBucket 5.5.2 Build 90 Practical Exploitation Tool

An enhanced Python penetration testing tool designed specifically for vulnerability assessment and exploitation of the ClipBucket video sharing platform. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It affects ClipBucket version 5.5.2 Build 90...

CVSS 6.5 | AI score 7.6 | EPSS 0.00998
Exploits: 4
Packet Storm
• added 2025/12/08 12:0 a.m. • 161 views

Zimbra Collaboration Suite Postjournal 9.0.0 Remote Command Execution

A critical vulnerability exists in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...

AI score 8.5
Exploits: 0
Packet Storm
• added 2025/12/08 12:0 a.m. • 165 views

Craft CMS 5.0 Logic Flaw

A flaw in the Craft CMS image transform endpoint allows an unauthenticated attacker to trigger backend processing without prior authentication. While the original Metasploit module targeted remote code execution, this proof of concept does not execute code, does not write files, and does not inje...

CVSS 10 | AI score 7.8 | EPSS 0.99803
Exploits: 14
Packet Storm
• added 2025/12/08 12:0 a.m. • 164 views

Coohom SaaS Cross Site Scripting

Coohom SaaS is susceptible to a persistent cross site scripting vulnerability. CVE-2025-65300 | Description: CVE-2025-65300: Stored Cross-Site Scripting (XSS) Vulnerability in Coohom SaaS Platform | Disclosure Date: 2025-10-28 | Last Updated: 2025-10-28 | Reporter: Phisit Pupiw | Vendor: Coohom | CWE: CWE-79 –...

CVSS 5.4 | AI score 6.4 | EPSS 0.00163
Exploits: 1
Packet Storm
• added 2025/12/08 12:0 a.m. • 179 views

Cinnamon kotaemon 0.11.0 ZIP Bomb

Cinnamon kotaemon version 0.11.0 zip bomb proof of concept denial of service exploit. Title: Cinnamon kotaemon v 0.11.0 ZIP Bomb Vulnerability in...

CVSS 6.5 | AI score 6.9 | EPSS 0.00312
Exploits: 2
Packet Storm
• added 2025/12/08 12:0 a.m. • 201 views

DNN Platform Pre-10.1.1 Arbitrary File Upload

DNN Platform version Pre-10.1.1 suffers from an unauthenticated arbitrary file upload vulnerability. This software was formerly known as DotNetNuke.

CVSS 10 | AI score 7.4 | EPSS 0.44656
Exploits: 3
Packet Storm
• added 2025/12/08 12:0 a.m. • 157 views

YOURLS 1.8.2 CSRF / IDOR / Missing Authorization

YOURLS version 1.8.2 AJAX endpoint scanner that checks for cross site request forgery, insecure direct object reference, missing authorization, and missing input validation vulnerabilities...

CVSS 7.4 | AI score 7 | EPSS 0.01994
Exploits: 5
Packet Storm
• added 2025/12/08 12:0 a.m. • 214 views

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution

A critical vulnerability exists in Microsoft Windows LNK file handling that allows attackers to create malicious shortcut files that appear legitimate in Windows Explorer while executing arbitrary commands. The vulnerability is a UI misrepresentation flaw where Windows incorrectly displays file...

CVSS 7.8 | AI score 7 | EPSS 0.63102
Exploits: 3
Packet Storm
• added 2025/12/05 12:0 a.m. • 169 views

WordPress AI Buddy 1.8.5 Shell Upload

WordPress AI Buddy plugin versions 1.8.5 and below remote shell upload exploit that leverages the REST API attachment functionality. Title: AI Buddy...

CVSS 9.1 | AI score 7.2 | EPSS 0.00413
Exploits: 5
Packet Storm
• added 2025/12/05 12:0 a.m. • 278 views

Microsoft Windows File Explorer NTLM Hash Disclosure

Microsoft Windows File Explorer in Windows 10 and 11 contains a critical NTLM hash disclosure vulnerability that allows attackers to capture user authentication credentials by exploiting the automatic parsing of .library-ms files from ZIP archives, leading to potential domain compromise through...

CVSS 6.5 | AI score 6.9 | EPSS 0.25068
Exploits: 21
Packet Storm
• added 2025/12/05 12:0 a.m. • 174 views

Visual Studio 1.39.0 Remote Debugger

Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...

CVSS 7.8 | AI score 7.1 | EPSS 0.01045
Exploits: 1
Packet Storm
• added 2025/12/05 12:0 a.m. • 182 views

Abacre Restaurant Point of Sale 15.0.0.1656 Memory Scanner

Abacre Restaurant Point of Sale version 15.0.0.1656 memory scanner for sensitive data detection. This Python script is an advanced Windows memory scanning tool designed to detect sensitive data leaks within running processes. It performs deep memory analysis to identify patterns resembling produc...

CVSS 7.5 | AI score 6.9 | EPSS 0.00214
Exploits: 2
Packet Storm
• added 2025/12/05 12:0 a.m. • 179 views

Apache bRPC Stack Overflow

A critical stack overflow vulnerability in Apache bRPC's JSON parser allows remote attackers to crash servers via specially crafted deep recursive JSON data. Versions prior to 1.15.0 are affected...

CVSS 7.5 | AI score 7.3 | EPSS 0.01479
Exploits: 2
Packet Storm
• added 2025/12/05 12:0 a.m. • 896 views

Flask 3.0.0 Remote Code Execution

Flask version 3.0.0 suffers from multiple remote code execution vulnerabilities. Exploit Title: Flask 3.0.0 CookApp - Multiple Unauthenticated RCE Vulnerabilities | Date: 2024-12-05 | Exploit Author: nu11secur1ty | Vendor Homepage: https://flask.palletsprojects.com/ | Software Link:...

CVSS 10 | AI score 8.5 | EPSS 0.99562
Exploits: 372
Packet Storm
• added 2025/12/04 12:0 a.m. • 154 views

Azure APIM 2 Vulnerability Checker

This PHP script is a full vulnerability scanner with proof of concepts for Azure API Management (APIM) instances, focusing on the possibility of cross-tenant account signup bypass through the Basic Auth Identity Provider...

AI score 7
Exploits: 0
Packet Storm
• added 2025/12/04 12:0 a.m. • 322 views

Microsoft Windows 11 Search Path Privilege Escalation

Microsoft Windows 11 suffers from an untrusted search path local privilege escalation vulnerability. Proof of concept Metasploit module included.

CVSS 7.8 | AI score 5.5 | EPSS 0.00407
Exploits: 1
Packet Storm
• added 2025/12/04 12:0 a.m. • 283 views

phpMyFAQ 2.9.8 Cross Site Request Forgery

phpMyFAQ version 2.9.8 suffers from multiple cross site request forgery vulnerabilities. These are proof of concepts from issues stemming back in 2017. Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery (CSRF) | Date: 2024-10-26 | Exploit Author: CodeSecLab | Vendor Homepage:...

CVSS 8.8 | AI score 7.1 | EPSS 0.01173
Exploits: 4
Packet Storm
• added 2025/12/04 12:0 a.m. • 178 views

WordPress AI Engine 3.1.3 Remote Code Execution

This Metasploit module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions less than or equal to 3.1.3. The vulnerability allows an attacker to create an administrator account via the MCP (Model Context Protocol) endpoint without authentication. The module supports...

CVSS 9.8 | AI score 8.2 | EPSS 0.75063
Exploits: 5
Packet Storm
• added 2025/12/04 12:0 a.m. • 277 views

Samsung QuramDng Out-Of-Bounds Write

Samsung QuramDng has an invalid LossyJpeg component assumption that leads to an out-of-bounds write. Background: Samsung Android uses an internal DNG decoding library, QuramDng in libimagecodec.quram.so, to decode images in com.samsung.ipservice and com.samsung.gallery3d. Samsung Gallery will deco...

CVSS 10 | AI score 6.9 | EPSS 0.19972
Exploits: 9
Total number of security vulnerabilities: 50738