
50738 matches found

Packet Storm
added 2025/04/10 12:0 a.m. | 267 views

📄 CodeAstro Online Railway Reservation System 1.0 Cross Site Scripting

CodeAstro Online Railway Reservation System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0 Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link:...

CVSS 5.1 | AI score 4 | EPSS 0.01128
Exploits: 3
Packet Storm
added 2025/04/09 12:0 a.m. | 263 views

📄 MaxTime Database Editor 1.9 Authentication Bypass

MaxTime Database Editor version 1.9 suffers from an authentication bypass vulnerability. This CVE also notes the same flow can be used to execute arbitrary code. Exploit Title: MaxTime Database Editor 1.9 Authentication Bypass Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red...

CVSS 9.8 | AI score 7.5 | EPSS 0.02368
Exploits: 2
Packet Storm
added 2025/04/09 12:0 a.m. | 230 views

📄 Apache HugeGraph Server 1.2.0 Remote Code Execution

Apache HugeGraph Server version 1.2.0 suffers from a remote code execution vulnerability. Exploit Title: Apache HugeGraph 1.2.0 Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0....

CVSS 9.8 | AI score 9.9 | EPSS 0.9921
Exploits: 11
Packet Storm
added 2025/04/09 12:0 a.m. | 247 views

📄 DocsGPT 0.12.0 Remote Code Execution

DocsGPT version 0.12.0 suffers from a remote code execution vulnerability. Exploit Title: DocsGPT 0.12.0 - Remote Code Execution Date: 09/04/2025 Exploit Author: Shreyas Malhotra OSMSEC Vendor Homepage: https://github.com/arc53/docsgpt Software Link:...

CVSS 9.3 | AI score 9.1 | EPSS 0.15099
Exploits: 3
Packet Storm
added 2025/04/09 12:0 a.m. | 280 views

📄 Artica Proxy 4.50 Remote Code Execution

Artica Proxy version 4.50 suffers from a remote code execution vulnerability due to insecure deserialization. Exploit Title: CVE-2024-2054 Artica-Proxy administrative web application insecure deserialization RCE Google Dork: Date: 23-04-2024 Exploit Author: Madan Vendor Homepage:...

CVSS 9.8 | AI score 9.7 | EPSS 0.8126
Exploits: 9
Packet Storm
added 2025/04/09 12:0 a.m. | 2354 views

📄 Vasion Print / PrinterLogic 83 Vulnerabilities

Vasion Print / PrinterLogic suffers from authentication bypass, remote code execution, cross site scripting, XML injection, server-side request forgery, secret disclosure, and so many other vulnerabilities. The magnitude of this report is quite impressive and it is rare to see such a thorough...

CVSS 9.8 | AI score 7.6 | EPSS 0.01548
Exploits: 1
Packet Storm
added 2025/04/08 12:0 a.m. | 261 views

📄 XWiki Platform 15.10.10 Remote Code Execution

XWiki Platform version 15.10.10 suffers from a remote code execution vulnerability. Exploit Title: XWiki Platform - Remote Code Execution Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-24893 Vendor Homepage: https://www.xwiki.org/ Software Link:...

CVSS 9.8 | AI score 7.8 | EPSS 0.99898
Exploits: 50
Packet Storm
added 2025/04/08 12:0 a.m. | 282 views

📄 InfluxDB OSS 2.7.11 Privilege Escalation

InfluxDB OSS versions 2.7.11 and below suffer from a privilege escalation vulnerability. Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Explo...

CVSS 9.1 | AI score 9.1 | EPSS 0.05165
Exploits: 3
Packet Storm
added 2025/04/08 12:0 a.m. | 260 views

📄 WordPress User Registration and Membership 4.1.1 Privilege Escalation

WordPress User Registration and Membership plugin versions 4.1.1 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage...

CVSS 8.1 | AI score 8.7 | EPSS 0.44413
Exploits: 7
Packet Storm
added 2025/04/08 12:0 a.m. | 237 views

📄 Nagios Xi 5.6.6 Remote Code Execution

Nagios Xi version 5.6.6 proof of concept authenticated remote code execution exploit. Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CV...

CVSS 9 | AI score 9 | EPSS 0.77741
Exploits: 13
Packet Storm
added 2025/04/08 12:0 a.m. | 203 views

📄 Bus Pass Management System 1.0 SQL Injection

Bus Pass Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Bus Pass Management System v1.0 - Unauthenticated Union Based SQLi Manuel Exploit Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

AI score 8.1
Exploits: 0
Packet Storm
added 2025/04/08 12:0 a.m. | 303 views

📄 Pandora FMS Authenticated Command Injection

This Metasploit module exploits a command injection vulnerability in the chromium-path or phantomjs-bin directory setting at the application settings page of Pandora FMS. You need to have administrative access in the Pandora FMS web application in order to achieve remote code execution. This modu...

CVSS 8.6 | AI score 9.7 | EPSS 0.59424
Exploits: 2
Packet Storm
added 2025/04/08 12:0 a.m. | 579 views

📄 UNA CMS 14.0.0-RC4 PHP Object Injection

UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. ------------------------------------------------------------------------------------ UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...

AI score 7.5
Exploits: 1
Packet Storm
added 2025/04/08 12:0 a.m. | 684 views

📄 Oracle Access Manager Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. This module requires Metasploit:...

CVSS 9.8 | AI score 9.8 | EPSS 0.96284
Exploits: 15
Packet Storm
added 2025/04/08 12:0 a.m. | 210 views

📄 GeoVision GV-ASManager 6.1.0.0 Information Disclosure

GeoVision GV-ASManager versions 6.1.0.0 and below suffer from an information disclosure vulnerability. Exploit Title: Information Disclosure in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...

CVSS 7.5 | AI score 8.2 | EPSS 0.22168
Exploits: 4
Packet Storm
added 2025/04/08 12:0 a.m. | 348 views

📄 Sony XAV-AX5500 1.13 Code Execution

Sony XAV-AX5500 version 1.13 suffers from a firmware update validation vulnerability that allows for code execution. Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage:...

CVSS 6.8 | AI score 7.4 | EPSS 0.01761
Exploits: 2
Packet Storm
added 2025/04/08 12:0 a.m. | 335 views

📄 jQuery 3.3.1 Cross Site Scripting

jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...

CVSS 6.1 | AI score 6.3 | EPSS 0.87218
Exploits: 5
Packet Storm
added 2025/04/07 12:0 a.m. | 162 views

📄 YesWiki 4.5.1 Path Traversal

YesWiki version 4.5.1 suffers from an unauthenticated path traversal vulnerability. Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link:...

CVSS 8.6 | AI score 9.1 | EPSS 0.05366
Exploits: 6
Packet Storm
added 2025/04/07 12:0 a.m. | 236 views

📄 Reservit Hotel Cross Site Scripting

Reservit Hotel versions prior to 3.0 suffer from a persistent cross site scripting vulnerability. Exploit Title: Reservit Hotel Content 3. Add the following payload to the Button text French field sane save: " style=animation-name:rotation onanimationstart=alert/XSS/// 4. The XSS will trigger upo...

CVSS 4.8 | AI score 6.2 | EPSS 0.0083
Exploits: 3
Packet Storm
added 2025/04/07 12:0 a.m. | 187 views

📄 Blood Bank and Donor Management System 2.4 Cross Site Scripting

Blood Bank and Donor Management System version 2.4 suffers from a cross site scripting vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Cross Site Scripting XSS Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

AI score 6.5
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 198 views

📄 Blood Bank and Donor Management System 2.4 SQL Injection

Blood Bank and Donor Management System version 2.4 suffers from a remote SQL injection vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Union Based SQLi Manuel Exploit Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

AI score 8.1
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 407 views

📄 Appsmith Remote Code Execution

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVSS 9.8 | AI score 7.4 | EPSS 0.27733
Exploits: 5
Packet Storm
added 2025/04/07 12:0 a.m. | 306 views

📄 Watcharr 1.43.0 Remote Code Execution

Watcharr versions 1.43.0 and below suffer from a remote code execution vulnerability. CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100...

CVSS 8.8 | AI score 8.2 | EPSS 0.02716
Exploits: 2
Packet Storm
added 2025/04/07 12:0 a.m. | 291 views

📄 WordPress Backup and Staging 1.21.16 Shell Upload

WordPress Backup and Staging plugin versions 1.21.16 and below suffer from a remote shell upload vulnerability. Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5,...

CVSS 9.8 | AI score 9.4 | EPSS 0.93709
Exploits: 7
Packet Storm
added 2025/04/07 12:0 a.m. | 302 views

📄 Palo Alto Networks Expedition 1.2.90.1 Privilege Escalation

Palo Alto Networks Expedition version 1.2.90.1 proof of concept exploit that allows for an administrative password reset. - Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool - Shodan Dork: html:"expedition project" - FOFA Dork: "expedition project" &&...

CVSS 9.8 | AI score 10 | EPSS 0.91783
Exploits: 9
Packet Storm
added 2025/04/07 12:0 a.m. | 170 views

📄 AC Repair and Services System 1.0 SQL Injection

AC Repair and Services System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Titles: AC Repair and Services System - ARSS-1.0-Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 04/05/2025 Vendor: https://github.com/oretnom23 Software:...

AI score 8.4
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 172 views

📄 WBCE CMS 1.6.3 Remote Code Execution

WBCE CMS version 1.6.3 suffers from an authenticated remote code execution vulnerability. Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat...

AI score 8.2
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 214 views

📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload

WordPress Royal Elementor Addons plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability. Exploit Title: WordPress Plugin Royal Elementor Addons = 1.3.78 - Unauthenticated Arbitrary File Upload RCE Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan...

CVSS 9.8 | AI score 9.3 | EPSS 0.81695
Exploits: 18
Packet Storm
added 2025/04/07 12:0 a.m. | 233 views

📄 DataEase 2.4.0 Information Disclosure

DataEase version 2.4.0 suffers from a database configuration information disclosure vulnerability. - Exploit Title: DataEase Database Creds Extractor - Shodan Dork: http.html:"dataease" - FOFA Dork: body="dataease" && title=="DataEase" - Exploit Author: ByteHunter - Email: [email protected] ...

CVSS 5.3 | AI score 5.2 | EPSS 0.16
Exploits: 2
Packet Storm
added 2025/04/07 12:0 a.m. | 177 views

📄 Invoice 1.0 SQL Injection / Shell Upload

Invoice version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass which in turn could be used to upload a shell. Titles: INVOICE-1.0-Copyright©2025-SQLi-Bypass-Authentication+FU+RCE Author: nu11secur1ty Date: 04/07/2025 Vendor: https://github.com/oretnom2...

AI score 8.4
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 420 views

📄 Microsoft SQL Server 2022 Missing Log Entry

Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVERPERMISSIONCHANGEGROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...

AI score 7.5
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 280 views

📄 Kemal Framework 1.6.0 Path Traversal

Kemal Framework version 1.6.0 suffers from a path traversal vulnerability. Exploit Title: Kemal Framework 1.6.0 - Path Traversal Discovered by: Ahmet Ümit BAYRAM Discovered Date: 04.04.2025 Vendor Homepage: https://github.com/kemalcr Software Link:...

AI score 7
Exploits: 0
Packet Storm
added 2025/04/07 12:0 a.m. | 201 views

📄 WordPress Exclusive Addons for Elementor 2.6.9 Cross Site Scripting

Wordpress Exclusive Addons for Elementor plugin versions 2.6.9 and below suffer from a persistent cross site scripting vulnerability. Exploit Title: Exclusive Addons for Elementor ≤ 2.6.9 - Authenticated Stored Cross-Site Scripting XSS Original Author: Wordfence Security Team Exploit Author: Al...

CVSS 6.4 | AI score 6.8 | EPSS 0.01593
Exploits: 12
Packet Storm
added 2025/04/07 12:0 a.m. | 317 views

📄 Apache Tomcat Remote Code Execution

Apache Tomcat has a path equivalence remote code execution vulnerability. Versions prior to 11.0.3, 10.1.35, and 9.0.98 are affected. Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage:...

CVSS 9.8 | AI score 9.5 | EPSS 0.99945
Exploits: 46
Packet Storm
added 2025/04/07 12:0 a.m. | 196 views

📄 Kubio AI Page Builder 2.5.1 Local File Inclusion

Kubio AI Page Builder versions 2.5.1 and below suffer from a local file inclusion vulnerability. Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage:...

CVSS 9.8 | AI score 8.7 | EPSS 0.76761
Exploits: 12
Packet Storm
added 2025/04/04 12:0 a.m. | 253 views

📄 AppSmith 1.47 Remote Code Execution

AppSmith version 1.4.7 suffers from a remote code execution vulnerability. Exploit Title: AppSmith 1.47 - Remote Code Execution RCE Original Author: Rhino Security Labs Exploit Author: Nishanth Anand Exploit Date: April 2, 2025 Vendor Homepage: https://www.appsmith.com/ Software Link:...

CVSS 6.5 | AI score 7.9 | EPSS 0.27733
Exploits: 5
Packet Storm
added 2025/04/04 12:0 a.m. | 253 views

📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...

CVSS 7.7 | AI score 6.4 | EPSS 0.00765
Exploits: 3
Packet Storm
added 2025/04/04 12:0 a.m. | 197 views

📄 ollama 0.6.4 Server-Side Request Forgery

ollama versions 0.6.4 and below suffer from a server-side request forgery vulnerability. Exploit Title: ollama 0.6.4 - SSRF Date: 2025-04-03 Exploit Author: sud0 Vendor Homepage: https://ollama.com/ Software Link: https://github.com/ollama/ollama/releases Version: =0.6.4 Tested on: CentOS 8 impor...

AI score 7.1
Exploits: 0
Packet Storm
added 2025/04/04 12:0 a.m. | 184 views

📄 Nagios Log Server 2024R1.3.1 Cross Site Scripting

Nagios Log Server versions 2024R1.3.1 and below suffer from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS Vulnerability in Nagios Log Server Privilege Escalation to Admin Date: 2025-04-02 Exploit Author: Seth Kraft Vendor Homepage: https://www.nagios.com/ Vendor...

AI score 6.5
Exploits: 0
Packet Storm
added 2025/04/04 12:0 a.m. | 272 views

📄 Angular-Base64-Upload Library Remote Code Execution

Angular-Base64-Upload library unauthenticated remote code execution proof of concept exploit that affects versions prior to 0.1.21. !/bin/python3 Exploit Title: Unauthenticated RCE via Angular-Base64-Upload Library Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit...

CVSS 9.8 | AI score 7.9 | EPSS 0.43683
Exploits: 5
Packet Storm
added 2025/04/04 12:0 a.m. | 273 views

📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Command Injection

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a remote command injection vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster Config File - Remote Code Execution RCE Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antoni...

CVSS 8.8 | AI score 7.6 | EPSS 0.14609
Exploits: 3
Packet Storm
added 2025/04/03 12:0 a.m. | 339 views

📄 SAP HTTP Request Smuggling

SAPGateBreaker HTTP request smuggling proof of concept exploit that demonstrates a vulnerability in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 ...

CVSS 10 | AI score 9.2 | EPSS 0.97945
Exploits: 8
Packet Storm
added 2025/04/03 12:0 a.m. | 308 views

📄 Usermin 2.100 Username Enumeration

Usermin versions 2.100 and below suffer from a username enumeration vulnerability. Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100...

CVSS 5.3 | AI score 6.7 | EPSS 0.02621
Exploits: 5
Packet Storm
added 2025/04/03 12:0 a.m. | 325 views

📄 Vite 6.2.2 Arbitrary File Read

Vite versions 6.2.2 and below suffer from an arbitrary file read vulnerability. Exploit Title: Vite Arbitrary File Read - CVE-2025-30208 Date: 2025-04-03 Exploit Author: Sheikh Mohammad Hasan https://github.com/4mrr0r Vendor Homepage: https://vitejs.dev/ Software Link:...

CVSS 5.3 | AI score 5.4 | EPSS 0.76736
Exploits: 28
Packet Storm
added 2025/04/03 12:0 a.m. | 424 views

📄 Tomcat Partial PUT Java Deserialization

This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcats session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...

CVSS 9.8 | AI score 9 | EPSS 0.99945
Exploits: 46
Packet Storm
added 2025/04/01 12:0 a.m. | 255 views

Ksenia Security Lares 4.0 Remote Code Execution

Ksenia Security Lares version 4.0 suffers from a remote code execution vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation Remote Code Execution Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/e...

AI score 8.3
Exploits: 0
Packet Storm
added 2025/04/01 12:0 a.m. | 639 views

Palo Alto Deep Packet Inspection Data Exfiltration

Palo Alto firewalls allow for exfiltration of data via multiple egress methodologies. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 3 vulnerabilities in Palo Alto Deep Packet Inspection mechanism Advisory URL:...

CVSS 7.5 | AI score 7.4 | EPSS 0.03339
Exploits: 1
Packet Storm
added 2025/04/01 12:0 a.m. | 338 views

Ksenia Security Lares 4.0 Default Credentials

Ksenia Security Lares version 4.0 uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Exploit Title: Ksenia Security Lares 4.0 Home Automation Default Credentials Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLoc...

AI score 7.6
Exploits: 0
Packet Storm
added 2025/04/01 12:0 a.m. | 218 views

Ksenia Security Lares 4.0 Open Redirect

Ksenia Security Lares version 4.0 suffers from an open redirection vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation URL Redirection Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/en/ Softwar...

AI score 7.3
Exploits: 0
Packet Storm
added 2025/04/01 12:0 a.m. | 1557 views

Brocade Fabric OS Remote Code Execution / Information Disclosure

Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Titl...

CVSS 8.6 | AI score 7.8 | EPSS 0.74513
Exploits: 3

Total number of security vulnerabilities: 50738