50738 matches found

Packet Storm
Added 2025/12/04 12:0 a.m. • 155 views

📄 Microsoft Windows 11 Build 10.0.27898.1000 AiRegistrySync Bypass / Privilege Escalation

Microsoft Windows 11 build 10.0.27898.1000 Metasploit module designed to achieve local privilege escalation on Windows 10/11 by targeting a vulnerability (misconfiguration) in the AiRegistrySync service...

AI score: 6.9
Exploits: 0

Packet Storm
Added 2025/12/04 12:0 a.m. • 164 views

📄 Django 5.1.13 SQL Injection

Django version 5.1.13 suffers from a remote SQL injection vulnerability. Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link:...

CVSS: 9.1 • AI score: 8.2 • EPSS: 0.19396
Exploits: 10

Packet Storm
Added 2025/12/04 12:0 a.m. • 192 views

📄 Microsoft Windows 11 Build 10.0.27898.1000 Insider Preview Privilege Escalation

A security vulnerability exists in the Windows Administrator Protection feature in Windows 11 Insider Preview that allows a low-privileged user to achieve privilege escalation. The vulnerability is located in the AiRegistrySync function within the appinfo service, which incorrectly copies registr...

AI score: 7.1
Exploits: 0

Packet Storm
Added 2025/12/04 12:0 a.m. • 420 views

📄 Microsoft Windows 11 Administrator Protection UAC Bypass / Privilege Escalation

A privilege escalation vulnerability exists in Windows 11 Insider Preview Build 10.0.27919.1000 due to improper handling of user‑controlled environment variables by the Unified Background Process Manager (UBPM) when launching elevated scheduled tasks under Administrator Protection. Proof of concept...

AI score: 7.2
Exploits: 0

Packet Storm
Added 2025/12/04 12:0 a.m. • 198 views

📄 Discord Language Sloth Bot Directory Traversal Scanner / Payload Generator

The Language Sloth Discord bot contains a critical directory traversal vulnerability allowing attackers to read arbitrary files on the server hosting the bot through improperly sanitized user input in file path operations. This is an automated scanner with payload generation...

CVSS: 7.5 • AI score: 6.7 • EPSS: 0.01479
Exploits: 4

Packet Storm
Added 2025/12/04 12:0 a.m. • 238 views

📄 Microsoft Windows 11 Administrator Protection Bypass / Privilege Escalation

Microsoft Windows 11 suffers from an administrator protection bypass local privilege escalation vulnerability. Proof of concept Metasploit module included.

AI score: 6.9
Exploits: 1

Packet Storm
Added 2025/12/04 12:0 a.m. • 179 views

📄 WordPress AI Engine 3.1.3 Remote Code Execution

This Metasploit module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions less than or equal to 3.1.3. The vulnerability allows an attacker to create an administrator account via the MCP (Model Context Protocol) endpoint without authentication. The module supports...

CVSS: 9.8 • AI score: 8.2 • EPSS: 0.75063
Exploits: 5

Packet Storm
Added 2025/12/03 12:0 a.m. • 186 views

📄 Microsoft Windows 11 Build 10.0.22631.6199 UAC Bypass

Microsoft Windows 11 build 10.0.22631.6199 proof of concept exploit for a UAC bypass vulnerability achieved via DLL injection Windows Hooking.

AI score: 7.3
Exploits: 0

Packet Storm
Added 2025/12/03 12:0 a.m. • 271 views

📄 Microsoft Windows 11 build 10.0.22631.6199 Privilege Escalation

Microsoft Windows 11 build 10.0.22631.6199 proof of concept tool that implements a notorious local privilege escalation technique on Windows. The code implements a task scheduler/DLL sideloading attack to achieve UAC bypass / privilege escalation by forcing the trusted SilentCleanup task to load...

AI score: 7.4
Exploits: 0

Packet Storm
Added 2025/12/03 12:0 a.m. • 334 views

📄 EduplusCampus 3.0.1 Insecure Direct Object Reference

A critical insecure direct object reference vulnerability was identified in the EduplusCampus student portal version 3.0.1. This vulnerability allows an authenticated user to access the sensitive personal and financial records of other students by modifying the recno parameter in the API request...

CVSS: 6.5 • AI score: 6.8 • EPSS: 0.00302
Exploits: 3

Packet Storm
Added 2025/12/03 12:0 a.m. • 138 views

📄 Piwigo 13.6.0 SQL Injection

Piwigo version 13.6.0 suffers from a remote SQL injection vulnerability. Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CV...

CVSS: 9.8 • AI score: 8.2 • EPSS: 0.09058
Exploits: 3

Packet Storm
Added 2025/12/03 12:0 a.m. • 144 views

📄 OpenRepeater 2.1 Command Injection

OpenRepeater version 2.1 suffers from a command injection vulnerability. Exploit Title: OpenRepeater 2.1 - OS Command Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OpenRepeater/openrepeater Software Link: https://github.com/OpenRepeater/openrepeater...

CVSS: 10 • AI score: 7.7 • EPSS: 0.27631
Exploits: 4

Packet Storm
Added 2025/12/03 12:0 a.m. • 201 views

📄 Microsoft Windows 11 Build 10.0.22631.6199 Registry Vulnerability Testing Tool

This is a C/C++ proof-of-concept (PoC) program designed to test for a specific vulnerability within the Windows Registry handling mechanism, often related to key duplication or improper permission checks during certain API calls like RegCopyTreeW...

AI score: 6.9
Exploits: 0

Packet Storm
Added 2025/12/03 12:0 a.m. • 154 views

📄 phpMyAdmin 5.0.0 SQL Injection

phpMyAdmin version 5.0.0 suffers from a remote SQL injection vulnerability. Exploit Title: phpMyAdmin 5.0.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ Software Link: https://github.com/phpmyadmin/phpmyadmin/ Version: 5.0....

CVSS: 8.8 • AI score: 8.2 • EPSS: 0.38778
Exploits: 4

Packet Storm
Added 2025/12/03 12:0 a.m. • 211 views

📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass

This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...

AI score: 7.2
Exploits: 0

Packet Storm
Added 2025/12/03 12:0 a.m. • 168 views

📄 Adobe DNG SDK 1.4 Out-Of-Bounds Read

A vulnerability exists in Adobe DNG SDK (the fork used by Android) due to improper validation of the fAreaSpec fields inside the dng_opcode_DeltaPerRow::ProcessArea function. If an attacker supplies a crafted DNG file with an empty or malformed fAreaSpec, the SDK performs arithmetic that results in...

AI score: 6.7
Exploits: 0

Packet Storm
Added 2025/12/03 12:0 a.m. • 154 views

📄 phpIPAM 1.6 Cross Site Scripting

phpIPAM version 1.6 suffers from multiple cross site scripting vulnerabilities. Exploit Title: phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS) Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/...

CVSS: 7.1 • AI score: 6.7 • EPSS: 0.01502
Exploits: 5

Packet Storm
Added 2025/12/03 12:0 a.m. • 166 views

📄 AI Plugins 1.10.9 Shell Upload

This Metasploit module exploits unauthenticated arbitrary file upload vulnerabilities in multiple WordPress AI plugins including Cibeles AI, AI Feeds, and AI Buddy. The vulnerabilities allow attackers to upload PHP webshells via GitHub integration functionality...

CVSS: 9.8 • AI score: 7.5 • EPSS: 0.00856
Exploits: 9

Packet Storm
Added 2025/12/03 12:0 a.m. • 158 views

📄 MobileDetect 2.8.31 Cross Site Scripting

MobileDetect version 2.8.31 suffers from a cross site scripting vulnerability. Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting (XSS) Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link:...

CVSS: 6.1 • AI score: 6.4 • EPSS: 0.02634
Exploits: 2

Packet Storm
Added 2025/12/03 12:0 a.m. • 150 views

📄 phpIPAM 1.4 SQL Injection

phpIPAM version 1.4 suffers from a remote SQL injection vulnerability in order.php. This version is also known to suffer from other vectors of attack for the same issue. Exploit Title: phpIPAM 1.4 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage:...

CVSS: 9.8 • AI score: 8.1 • EPSS: 0.04338
Exploits: 3

Packet Storm
Added 2025/12/03 12:0 a.m. • 138 views

📄 YOURLS 1.8.2 Cross Site Request Forgery

YOURLS version 1.8.2 suffers from a cross site request forgery vulnerability. Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF) Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/yourls/yourls/ Software Link: https://github.com/yourls/yourls/ Version: 1.8....

CVSS: 7.4 • AI score: 6.8 • EPSS: 0.01994
Exploits: 5

Packet Storm
Added 2025/12/03 12:0 a.m. • 159 views

📄 Cleo LexiCom VLTrader Harmony 5.8.0.23 Unauthenticated Arbitrary File Write

Cleo LexiCom, VLTrader, and Harmony file transfer solutions versions 5.8.0.23 and below contain an unauthenticated remote code execution vulnerability that allows attackers to write arbitrary files to the system and execute commands through the software's autorun functionality. The vulnerability...

CVSS: 9.8 • AI score: 9.1 • EPSS: 0.93804
Exploits: 4

Packet Storm
Added 2025/12/03 12:0 a.m. • 149 views

📄 PluckCMS 4.7.10 Arbitrary File Upload

PluckCMS version 4.7.10 suffers from an arbitrary file upload vulnerability. Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.1...

CVSS: 7.2 • AI score: 7.3 • EPSS: 0.06258
Exploits: 4

Packet Storm
Added 2025/12/03 12:0 a.m. • 185 views

📄 Microsoft Windows 11 build 10.0.22631.6199 Dual-Path Privilege Escalation

Proof of concept exploit for a Microsoft Windows 11 build 10.0.22631.6199 dual-path elevation of privilege vulnerability in undocumented RPC and debugging objects...

AI score: 7.1
Exploits: 0

Packet Storm
Added 2025/12/03 12:0 a.m. • 147 views

📄 openSIS Community Edition 8.0 SQL Injection

openSIS Community Edition version 8.0 suffers from a remote SQL injection vulnerability. Exploit Title: openSIS Community Edition 8.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OS4ED/openSIS-Classic Software Link:...

CVSS: 9.8 • AI score: 8.2 • EPSS: 0.0521
Exploits: 3

Packet Storm
Added 2025/12/03 12:0 a.m. • 142 views

📄 RosarioSIS 6.7.2 Cross Site Scripting

RosarioSIS version 6.7.2 suffers from multiple cross site scripting vulnerabilities. Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting (XSS) Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link:...

CVSS: 6.1 • AI score: 6.7 • EPSS: 0.06325
Exploits: 3

Packet Storm
Added 2025/12/03 12:0 a.m. • 145 views

📄 phpIPAM 1.5.1 SQL Injection

phpIPAM version 1.5.1 suffers from a remote SQL injection vulnerability. Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windo...

CVSS: 7.2 • AI score: 8.2 • EPSS: 0.0305
Exploits: 3

Packet Storm
Added 2025/12/03 12:0 a.m. • 144 views

📄 phpMyFAQ 3.1.7 Cross Site Scripting

phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. This one is similar to the finding posted in April of this year but is an older issue identified in 2022. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) Date: 2025-11-25 Exploit Author: CodeSecLab Vendor...

CVSS: 7.3 • AI score: 6.3 • EPSS: 0.05743
Exploits: 3

Packet Storm
Added 2025/12/02 12:0 a.m. • 142 views

📄 macOS Sonoma 14.5 Denial of Service

macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash. Title: macOS Sonoma 14.5 potenti...

CVSS: 6.5 • AI score: 6.5 • EPSS: 0.00343
Exploits: 1

Packet Storm
Added 2025/12/02 12:0 a.m. • 170 views

📄 Microsoft Windows 10 Famille 10.0.19045.5487 DLL Hijacking

Microsoft Windows 10 Famille version 10.0.19045.5487 suffers from a DLL hijacking vulnerability that enables privilege escalation. Title: Microsoft...

CVSS: 7.8 • AI score: 7.9 • EPSS: 0.25222
Exploits: 7

Packet Storm
Added 2025/12/02 12:0 a.m. • 159 views

📄 libxslt Key Data Storage 1.1.38 Use-After-Free / Memory Corruption

libxslt Key Data Storage version 1.1.38 suffers from an improper handling of Result Value Trees (RVTs) when evaluating XSLT keys that can result in memory corruption...

AI score: 7
Exploits: 0

Packet Storm
Added 2025/12/02 12:0 a.m. • 151 views

📄 Microsoft Windows 10 Famille 10.0.19045.5487 Privilege Escalation

Microsoft Windows 10 Famille version 10.0.19045.5487 suffers from a parent PID spoofing privilege escalation vulnerability. Title: Microsoft Windows 10...

CVSS: 7.8 • AI score: 8.1 • EPSS: 0.25222
Exploits: 7

Packet Storm
Added 2025/12/02 12:0 a.m. • 220 views

📄 Android 13 Quram DNG Codec Memory Corruption

An out-of-bounds read/write vulnerability in Samsung's Quram image codec library (libimagecodec.quram.so) is triggered when the library processes a maliciously crafted image file, causing memory access outside the intended buffer boundaries...

CVSS: 7.5 • AI score: 7.1 • EPSS: 0.00271
Exploits: 2

Packet Storm
Added 2025/12/02 12:0 a.m. • 193 views

📄 libxml2 2.9.14 (2022) Heap Buffer Overflow

libxml2 version 2.9.14 (2022) proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. Title: libxml2 2.9.14...

CVSS: 7.5 • AI score: 7.2 • EPSS: 0.01375
Exploits: 3

Packet Storm
Added 2025/12/02 12:0 a.m. • 190 views

📄 Microsoft PowerPoint 2019 Use-After-Free

This Metasploit module exploits a use-after-free vulnerability in Microsoft PowerPoint that allows remote code execution when a user opens a specially crafted PPTX file. The vulnerability is triggered through manipulated shape objects in the PowerPoint presentation...

CVSS: 7.8 • AI score: 7.7 • EPSS: 0.02054
Exploits: 4

Packet Storm
Added 2025/12/02 12:0 a.m. • 224 views

📄 Microsoft SharePoint Server ToolPane Authentication Bypass / Unsafe Deserialization

Proof of concept exploit for Microsoft SharePoint server that chains authentication bypass with unsafe deserialization to achieve complete system compromise without authentication...

CVSS: 9.8 • AI score: 7.8 • EPSS: 0.99982
Exploits: 41

Packet Storm
Added 2025/12/02 12:0 a.m. • 229 views

📄 PX4 Military UAV Autopilot 1.12.3 Denial of Service

This proof of concept exploits a stack-based buffer overflow vulnerability in PX4 Military UAV Autopilot versions up to 1.12.3, allowing an attacker to send a poorly formatted MAVLink message that causes a denial of service condition...

CVSS: 4.8 • AI score: 4.5 • EPSS: 0.00901
Exploits: 5

Packet Storm
Added 2025/12/02 12:0 a.m. • 170 views

📄 Microsoft Windows 10 Famille 10.0.19045.5487 (rundll32) Privilege Escalation

Microsoft Windows 10 Famille version 10.0.19045.5487 suffers from a rundll32 related privilege escalation vulnerability. Title: Microsoft Windows 10...

CVSS: 7.8 • AI score: 8.1 • EPSS: 0.25222
Exploits: 7

Packet Storm
Added 2025/12/02 12:0 a.m. • 241 views

📄 WhatsApp Android Contact Gating Bypass

WhatsApp Android has a contact gating bypass in groups that leads to interaction-less media download. Background To prevent security issues and spam, WhatsApp for Android requires some form of user interaction to automatically download files from non-contacts: a. After adding someone as a contact...

AI score: 6.9
Exploits: 0

Packet Storm
Added 2025/12/02 12:0 a.m. • 169 views

📄 Language Sloth Directory Traversal

The Language Sloth Discord bot has been found susceptible to a directory traversal vulnerability. CVE-2025-65321 The Language Sloth Discord bot is vulnerable to Directory Traversal in the gif and png functions. The functions build file paths using unsanitized user input for the 'name' parameter,...

AI score: 7
Exploits: 3

Packet Storm
Added 2025/12/01 12:0 a.m. • 151 views

📄 Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection

Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135...

CVSS: 9.8 • AI score: 8.2 • EPSS: 0.90067
Exploits: 5

Packet Storm
Added 2025/12/01 12:0 a.m. • 173 views

📄 macOS 18.3.2 Kernel Privilege Escalation

macOS version 18.3.2 proof of concept exploit for an old kernel related privilege escalation vulnerability. A critical memory management vulnerability exists within the macOS XNU kernel's handling of the VM_BEHAVIOR_ZERO_WIRED_PAGES behavior flag. The issue arises from improper sequence validation wh...

CVSS: 5.5 • AI score: 7.2 • EPSS: 0.01114
Exploits: 1

Packet Storm
Added 2025/12/01 12:0 a.m. • 151 views

📄 Exclusive Addons for Elementor 2.6.9 Cross Site Scripting

Exclusive Addons for Elementor versions 2.6.9 and below proof of concept that demonstrates a stored cross site scripting vulnerability. Title: Exclusive...

CVSS: 6.4 • AI score: 6.3 • EPSS: 0.01593
Exploits: 12

Packet Storm
Added 2025/12/01 12:0 a.m. • 150 views

📄 LG Simple Editor 3.21.0 Remote Command Injection

LG Simple Editor version 3.21.0 proof of concept remote command injection exploit. Title: LG Simple Editor 3.21.0 PHP Code Injection Vulnerability...

CVSS: 9.8 • AI score: 7.8 • EPSS: 0.87761
Exploits: 4

Packet Storm
Added 2025/12/01 12:0 a.m. • 181 views

📄 Commvault CLI 11.36.60 Remote Code Execution

Proof of concept exploit for the Commvault CLI version 11.36.60 remote code execution vulnerability. Title: Commvault CLI 11.36.60 RCE PHP Implementatio...

CVSS: 8.8 • AI score: 8.2 • EPSS: 0.20719
Exploits: 4

Packet Storm
Added 2025/12/01 12:0 a.m. • 180 views

📄 GuppY CMS 6.00.10 Shell Upload

Proof of concept exploit demonstrating a remote shell upload vulnerability in GuppY CMS version 6.00.10. Title: GuppY CMS 6.00.10 php Code Execution...

AI score: 7.2
Exploits: 0

Packet Storm
Added 2025/11/28 12:0 a.m. • 190 views

📄 WinRAR 6.22 Malicious ZIP Creation

This Metasploit module exploits a logical flaw in WinRAR versions before 6.23. The vulnerability allows attackers to create specially crafted ZIP archives that, when opened, execute arbitrary code by exploiting the file extraction logic when a user double-clicks on a file within the archive that...

CVSS: 7.8 • AI score: 7.6 • EPSS: 0.97798
Exploits: 49

Packet Storm
Added 2025/11/28 12:0 a.m. • 181 views

📄 Wing FTP Server 8.0.7 Remote Code Execution

A NULL-byte truncation vulnerability in Wing FTP Server allows bypassing an authentication prefix check, allowing the payload to reach Lua execution contexts. Version 8.0.7 is affected...

CVSS: 10 • AI score: 7.2 • EPSS: 0.95343
Exploits: 23

Packet Storm
Added 2025/11/28 12:0 a.m. • 181 views

📄 Microsoft Windows 10.0.17763.5458 Kernel IOCTL Access Control

Microsoft Windows version 10.0.17763.5458 Kernel IOCTL access control proof of concept Metasploit module. Title: Windows 10.0.17763.5458 Kernel IOCTL...

CVSS: 7.8 • AI score: 9.2 • EPSS: 0.51865
Exploits: 13

Packet Storm
Added 2025/11/28 12:0 a.m. • 214 views

📄 FreePBX 17.0.3 SQL Injection

FreePBX version 17.0.3 proof of concept unauthenticated remote SQL injection exploit that leverages ajax.php. Title: FreePBX 17.0.3 Unauthenticated SQL...

CVSS: 10 • AI score: 8.3 • EPSS: 0.93286
Exploits: 20

Total number of security vulnerabilities: 50738