Lucene search
K
PacketstormRecent

50736 matches found

Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.53 views

📄 Langflow 1.3.0 Remote Code Execution

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...

9.8CVSS8.1AI score0.10371EPSS
Exploits8
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.70 views

📄 CubeCart 6.x.x Cross Site Scripting

CubeCart versions prior to 6.7.0 suffer from a cross site scripting vulnerability. Exploit Title: CubeCart alert"Test!" 3- Press Enter. 4- Observe the alert box popping up on the screen, confirming the XSS execution. Alternative Direct Link:...

6.1CVSS5.3AI score0.00697EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.55 views

📄 OpenCATS 0.9.7.4 SQL Injection

OpenCATS version 0.9.7.4 suffers from a remote SQL injection vulnerability. Exploit Title: OpenCATS 0.9.7.4 - SQL Injection Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI Vendor Homepage: https://www.opencats.org Software Link: https://github.com/opencats/OpenCATS Version: 1 else...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.57 views

📄 D-Link DSL2600U Password Disclosure

D-Link DSL2600U suffers from an administrative password disclosure vulnerability. Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmwar...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.58 views

📄 EspoCRM 9.3.3 Server-Side Request Forgery

EspoCRM version 9.3.3 suffers from an authenticated server-side request forgery vulnerability. Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage:...

4.3CVSS5.8AI score0.01978EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.68 views

📄 WordPress Quick Playground 1.3.1 Shell Upload

Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...

9.8CVSS5.8AI score0.03092EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.60 views

📄 WordPress Temporary Login 1.0.0 Authentication Bypass

WordPress Temporary Login plugin versions 1.0.0 and below suffer from an authentication bypass vulnerability. Exploit Title: Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage...

9.8CVSS5.8AI score0.09246EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.60 views

📄 strongSwan 5.9.13 Buffer Overflow

strongSwan version 5.9.13 suffers from a pre-authentication heap buffer overflow vulnerability. Exploit Title: strongSwan 5.9.13 - heap buffer overflow Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link:...

6AI score
Exploits3
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.56 views

📄 Casdoor 3.54.1 Arbitrary File Write / Path Traversal

Casdoor versions prior to 3.54.1 suffer from an arbitrary file write vulnerability via a path traversal. This can result in remote code execution via a shell upload or ssh key injection. Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpa...

5.9CVSS6.5AI score0.00513EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.62 views

📄 ImageMagick 7.x Denial of Service

ImageMagick versions 7.x suffer from an infinite loop issue in the MIFF decoder that can lead to CPU exhaustion. Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec...

5.8AI score0.01849EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/28 12:0 a.m.70 views

📄 WebFileSys 2.31.1 Cross Site Scripting

WebFileSys version 2.31.1 suffers from multiple cross site scripting vulnerabilities. CVE-2026-29971 An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation. CVE-2026-29971 Vulnerability Reflected Cross-Site Scripting...

6.1CVSS5.3AI score0.00299EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/27 12:0 a.m.68 views

📄 Windows Shell LNK Spoofing / NTLMv2 Hash Capture

A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv2 hashes without user interaction. By crafting a malicious .lnk shortcut file with a UNC path pointing to an attacker-controlled SMB server, the target's Windows system automatically sends an NTLMv2...

9.1CVSS7.5AI score0.64095EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.57 views

📄 ZTE ZXHN H188A V6 Authentication Bypass

Unauthenticated requests to the root path of ZTE ZXHN H188A V6 firmware can reach pre-login wizard handlers and disclose WLAN PSKs, SSIDs, and PPPoE usernames. The leaked Wi-Fi password is also the default administrator password after uppercasing, resulting in full authentication bypass. -----BEG...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.96 views

📄 Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection

Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...

9.3CVSS6.5AI score0.00941EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.89 views

📄 ZTE ZXHN Router Denial of Service

The CGILua post.lua parser used in ZTE ZXHN routers does not enforce an upper bound on the body size of application/x-www-form-urlencoded POST requests. An unauthenticated attacker can crash or freeze the router's web management service by sending a single HTTP POST request with an oversized body...

7.5CVSS5.9AI score0.02376EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.70 views

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template injection vulnerability that allows for remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS6.1AI score0.41475EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.69 views

📄 ZTE ZXHN H168N 3.5 Credential Disclosure

The ZTE ZXHN H168N V3.5 firmware exposes quick-setup wizard endpoints that return PPPoE credentials ADUsername, VDUsername and the WLAN KeyPassphrase via the GetPassword action without requiring authentication. The firmware routing allowlists these endpoints through a QuickSetupEnable branch. In...

6.5CVSS6.6AI score0.00921EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.75 views

📄 ZTE ZXHN H298A / H108N Credential Disclosure

A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/21 12:0 a.m.70 views

📄 Lenovo LegionSpace 1.7.11.2 Unquoted Service Path

Lenovo LegionSpace version 1.7.11.2 suffers from an unquoted service path vulnerability. Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/21 12:0 a.m.69 views

📄 BookStack 25.12.1 Denial of Service

BookStack version 25.12.1 suffers from a denial of service vulnerability. Exploit Title: BookStack 25.12.1 - Denial of Service Search Terms Resource Exhaustion Date: 2026-04-29 Exploit Author: Gabriel Rodrigues TEXUGO Vendor Homepage: https://www.bookstackapp.com Software Link:...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/21 12:0 a.m.94 views

📄 FUXA 1.2.9 Remote Code Execution

FUXA versions 1.2.9 and below suffers from an unauthenticated path traversal vulnerability that leads to arbitrary file write that enables remote code execution. Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage:...

9.8CVSS6.2AI score0.02675EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/21 12:0 a.m.86 views

📄 Cockpit 359 Remote Code Execution

Cockpit versions 357 through 359 suffer from a remote code execution vulnerability. Exploit Title: Cockpit 359 - RCE Date: 18-04-2026 Exploit Author: @intx0x80 Vendor Homepage: https://cockpit-project.org/ Software Link: https://github.com/cockpit-project/cockpit Version: 327-359 Tested on: Debai...

9.8CVSS6.4AI score0.142EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/21 12:0 a.m.107 views

📄 dompdf Remote Code Execution

This Metasploit module exploits CVE-2022-28368, a remote code execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists because dompdf preserves the original file extension when caching fonts downloaded via CSS @font-face rules. By pointing a @font-face src to a .php fil...

9.8CVSS6.4AI score0.82438EPSS
Exploits8
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.93 views

📄 Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This Metasploit module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The librarys Utility.pm...

9.8CVSS8AI score0.43323EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.89 views

📄 ZTE ZXHN H298A 1.1 / H108N 2.6 Unauthenticated Credential Disclosure

ZTE ZXHN H298A 1.1 and H108N 2.6 suffer from an unauthenticated credential exposure vulnerability via the ETHCheat parameter in getpage.lua. Title: ZTE ZXHN H298A 1.1 / H108N 2.6 - Unauthenticated Credential Exposure ETHCheat Parameter Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.79 views

📄 ZTE Unauthenticated Denial of Service

ZTE routers 17+ models suffer from an unauthenticated denial of service vulnerability via an oversized POST body. Title: ZTE Routers 17+ Models - Unauthenticated Denial of Service via Oversized POST Body Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34473 Vendor: ZTE...

7.5CVSS5.8AI score0.02376EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.76 views

📄 ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise

ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...

6.5CVSS6.6AI score0.00921EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.97 views

📄 ZTE ZXHN H188A 6 Authentication Bypass / Credential Disclosure

ZTE ZXHN H188A version 6 suffers from an authentication bypass vulnerability via a pre-login wizard credential leak. Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login Wizard Credential Leak Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34472 Vendor: ZTE...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.80 views

📄 Bichon 1.0.2 Bearer Access Token Disclosure

Bichon version 1.0.2 accepts Bearer access tokens via GET requests which has the negative side affect of being disclosed in logs, REFERER headers, and more. Bichon 1.0.2 Bearer Access Token Accepted via Query String + Logged ===================================================================...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.59 views

📄 Lobster_pro Arbitrary File Read / Server-Side Request Forgery

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP...

7.7CVSS6AI score0.0047EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.60 views

📄 Bichon 1.0.2 Privilege Escalation

Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality. Bichon 1.0.2 Vertical Privilege Escalation via Account Role Assignment ====================================================================== Vendor: rustmailer Product:...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.100 views

📄 CPanel/WHM CRLF Injection / Authentication Bypass / Remote Code Execution

This Metasploit module exploits CVE-2026-41940, a CRLF injection in cPanel/WHMs cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypass...

9.8CVSS6.7AI score0.981EPSS
Exploits64
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.58 views

📄 4D Server Server-Side Request Forgery / Arbitrary File Read

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP SIGNED...

8.7CVSS6AI score0.00447EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.68 views

📄 Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure

Bichon version 1.0.2 suffers from a SOCKS5 proxy topology disclosure vulnerability via /list-proxy. Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure via /list-proxy ============================================================= Vendor: rustmailer Product: Bichon - self-hosted email archiving server...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/15 12:0 a.m.68 views

📄 HUSTOJ Zip Slip / Remote Code Execution

This Metasploit module demonstrates a remote code execution vulnerability in HUSTOJ. A user with administrative privileges can abuse the problemimportqduoj.php CGI script using a crafted zip file zip-slip to traverse backwards through the filesystem, then to the webroot, where they can extract a...

9.8CVSS6.5AI score0.07895EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.69 views

📄 Apache HertzBeat 1.8.0 Remote Command Execution

Apache HertzBeat version 1.8.0 suffers from a remote command execution vulnerability via the scriptCommand parameter in a monitoring template definition. Exploit Title: Apache HertzBeat 1.8.0 - Remote Code Execution Google Dork: N/A Date: 2026-03-09 Exploit Author: Brett Gervasoni Vendor Homepage...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.68 views

📄 GestioIP 3.5.7 Remote Command Execution

This Metasploit module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit. This module...

9.8CVSS5.9AI score0.45109EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.62 views

📄 ePati Antikor NGFW 2.0.1301 Authentication Bypass

ePati Antikor NGFW version 2.0.1301 suffers from an authentication bypass vulnerability. Exploit Title: ePati Antikor NGFW 2.0.1301 - Authentication Bypass Date: 2026-04-13 Exploit Author: SADIK ERTÜRK Vendor Homepage: https://www.epati.com.tr/ Software Link: https://www.epati.com.tr/antikor-ngfw...

9.8CVSS5.8AI score0.02194EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.81 views

📄 Dolibarr ERP/CRM Authenticated Code Injection

Dolibarr ERP/CRM versions prior to 17.0.1 allow remote code execution by an authenticated user who has access to the Website module. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr...

8.8CVSS6.4AI score0.79335EPSS
Exploits16
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.58 views

📄 PJPROJECT 2.16 Buffer Overflow

PJPROJECT versions 2.16 and below suffer from a heap buffer overflow vulnerability. Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow Google Dork: CVE-2026-25994 PJSIP PJNATH pjsip ≤ 2.16 Date: Apr 6 2026 Exploit Author: V.Nos - BinSmaser Team Vendor Homepage: https://github.com/pjsip/pjproject...

9.8CVSS6AI score0.01927EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.56 views

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

Proof of concept code execution exploit for a server-side template injection vulnerability in WordPress Supsystic Contact Form plugin versions 1.7.36 and below Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage:...

9.8CVSS6.2AI score0.41475EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.69 views

📄 Glances 4.5.2 Command Injection

Glances version 4.5.2 suffers from a command injection vulnerability. !/usr/bin/env python3 Exploit Title: glances 4.5.2 - command injection Date: 2026-04-09 Exploit Author: Stepanov Daniil Vendor Homepage: https://github.com/nicolargo/glances Software Link: https://github.com/nicolargo/glances...

7.8CVSS5.8AI score0.00866EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.77 views

📄 Event Booking Calendar 5.0 Cross Site Scripting

Event Booking Calendar version 5.0 suffers from a cross site scripting vulnerability. Titles: Event Booking Calendar-5.0 Cross-site scripting reflected Author: nu11secur1ty Date: 5/13/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/ Reference:...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.65 views

📄 Espanso 2.3.0 Shell Extension Arbitrary Command Execution

The Shell extension in Espanso version 2.3.0 allows arbitrary command execution. An attacker who can modify the match configuration file can inject shell commands that execute when the user types the trigger. No restart required. Exploit Title: Espanso v2.3.0 - Shell Extension Arbitrary Command...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.83 views

📄 Flowise Missing Authentication

Proof of concept for Flowise versions prior to 3.0.5 that suffer from a missing authentication vulnerability. Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/...

9.8CVSS6AI score0.50118EPSS
Exploits14
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.61 views

📄 Espanso 2.3.0 Shell and Script Extension Arbitrary Command Execution

The Shell and Script extensions in Espanso version 2.3.0 allow arbitrary command execution. No restart required. Config changes take effect immediately. Exploit Title: Espanso v2.3.0 - Shell & Script Extension Arbitrary Command Execution RCE Date: 2026-05-13 Exploit Author: Chokri Hammedi Softwar...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/12 12:0 a.m.87 views

📄 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload / Traversal

WordPress Ninja Forms - File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit. !/usr/bin/env python3 """ Ninja Forms Upload - CVE-2026-0740 Author : Xenon1337 """ from future import annotations import pathlib import random import sys import re from datetime import datetime...

9.8CVSS5.9AI score0.54254EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.95 views

📄 Grafana 11.2.0 Server-Side Request Forgery

This Python script targets a server-side request forgery vulnerability in Grafana version 11.2.0. It abuses a path traversal flaw in the /render endpoint to make the server send requests to internal or otherwise restricted resources...

7.6CVSS7.3AI score0.97809EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.81 views

📄 Adobe DNG SDK Integer Overflow Proof of Concept Generator

This is a proof of concept tool to generate an integer overflow condition in the Adobe DNG SDK to achieve arbitrary code execution. integer overflow during image processing...

5.5CVSS6.2AI score0.00179EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.70 views

📄 Car Rental Script 4.0 Cross Site Scripting

Car Rental Script version 4.0 suffers from a cross site scripting vulnerability. Titles: Car-Rental-Script4.0-XSS-Reflected Cross-site scripting reflected Author: nu11secur1ty Date: 05/08/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference:...

5.3AI score
Exploits0
Total number of security vulnerabilities50736