
50738 matches found

Packet Storm
added 2025/01/16 12:00 a.m. | 258 views

Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution

This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVSS 9.8 | AI score 9.8 | EPSS 0.98529 | Exploits 8
Packet Storm
added 2025/01/16 12:00 a.m. | 200 views

Bruno IDE Desktop Command Injection

A command injection vulnerability in the function shell.openExternal of Bruno IDE Desktop prior to version 1.29.0 allows attackers to execute arbitrary commands by supplying a crafted URL, leading to potential remote code execution. ===== Tempest Security Intelligence - ADV-10/2024...

CVSS 6.5 | AI score 7.3 | EPSS 0.00623 | Exploits 3
Packet Storm
added 2025/01/15 12:00 a.m. | 270 views

OCLS MSMS-PHP 1.0 Shell Upload

OCLS MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability. Titles: OCLS MSMS-PHP by: oretnom23 v1.0 -Copyright © 2025. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/15/2025 Vendor: https://github.com/oretnom23...

AI score 7.5 | Exploits 0
Packet Storm
added 2025/01/14 12:00 a.m. | 136 views

WordPress linkID 0.1.2 Missing Authorization / Information Disclosure

WordPress linkID plugin versions 0.1.2 and below suffer from a missing authorization vulnerability that results in information disclosure. CVE-2024-12542 linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure Description The linkID plugin for WordPress is...

CVSS 8.6 | AI score 8.8 | EPSS 0.01289 | Exploits 3
Packet Storm
added 2025/01/14 12:00 a.m. | 186 views

WordPress Partners 0.2.0 PHP Object Injection

WordPress Partners plugin versions 0.2.0 and below suffer from a deserialization vulnerability. CVE-2024-56059 Partners <= 0.2.0 - Unauthenticated PHP Object Injection Description The Partners plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.2.0 via...

CVSS 9.8 | AI score 9.7 | EPSS 0.0166 | Exploits 2
Packet Storm
added 2025/01/14 12:00 a.m. | 142 views

WordPress Chartify 2.9.5 Local File Inclusion

WordPress Chartify plugin versions 2.9.5 and below suffer from a local file inclusion vulnerability. CVE-2024-10571 Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source Description The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to...

CVSS 9.8 | AI score 9.4 | EPSS 0.04841 | Exploits 3
Packet Storm
added 2025/01/14 12:00 a.m. | 160 views

WordPress SuperBackup 2.3.3 Missing Authorization

WordPress SuperBackup plugin versions 2.3.3 and below suffer from a backup disclosure due to a missing authorization vulnerability. CVE-2024-56067 WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Description The Super Backup & Clone - Migrate for WordPress...

CVSS 7.5 | AI score 8 | EPSS 0.10034 | Exploits 2
Packet Storm
added 2025/01/14 12:00 a.m. | 152 views

Microweber 2.0.9 Cross Site Scripting

Microweber versions 2.0.9 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2024-33298 Stored Cross Site Scripting vulnerability in Microweber .jpg on /media/default/ 6. Go back to the endpoint /admin/module/view?type=adminbackup and click on "Upload file" 7...

CVSS 6.1 | AI score 5.5 | EPSS 0.0109 | Exploits 6
Packet Storm
added 2025/01/14 12:00 a.m. | 195 views

WordPress ARPrice 4.0.3 PHP Object Injection

WordPress ARPrice plugin versions 4.0.3 and below suffer from an authenticated PHP object injection vulnerability. CVE-2024-49699 ARPrice <= 4.0.3 - Authenticated Subscriber+ PHP Object Injection Description The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to,...

CVSS 8.8 | AI score 9 | EPSS 0.0076 | Exploits 3
Packet Storm
added 2025/01/14 12:00 a.m. | 208 views

WordPress SuperBackup 2.3.3 Shell Upload

WordPress SuperBackup plugin versions 2.3.3 and below suffer from a remote shell upload vulnerability. CVE-2024-56064 WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file...

CVSS 10 | AI score 9.6 | EPSS 0.14488 | Exploits 2
Packet Storm
added 2025/01/14 12:00 a.m. | 154 views

WordPress VRPConnector 2.0.1 PHP Object Injection

WordPress VRPConnector plugin versions 2.0.1 and below suffer from an unauthenticated PHP object injection vulnerability. CVE-2024-56058 VRPConnector <= 2.0.1 - Unauthenticated PHP Object Injection Description The VRPConnector plugin for WordPress is vulnerable to PHP Object Injection in versions ...

CVSS 9.8 | AI score 10 | EPSS 0.0166 | Exploits 3
Packet Storm
added 2025/01/14 12:00 a.m. | 183 views

WordPress Fancy Product Designer 6.4.3 SQL Injection

WordPress Fancy Product Designer plugin versions 6.4.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-51818 Fancy Product Designer <= 6.4.3 - Unauthenticated SQL Injection Description The Fancy Product Designer plugin for WordPress is vulnerable to SQL...

CVSS 9.3 | AI score 9.9 | EPSS 0.16259 | Exploits 2
Packet Storm
added 2025/01/14 12:00 a.m. | 222 views

WordPress CF Internal Link Shortcode 1.1.0 SQL Injection

WordPress CF Internal Link Shortcode plugin versions 1.1.0 and below suffer from a remote SQL injection vulnerability. CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection Description The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection v...

CVSS 7.5 | AI score 8.7 | EPSS 0.00778 | Exploits 2
Packet Storm
added 2025/01/14 12:00 a.m. | 180 views

WordPress Event Monster 1.4.3 Information Disclosure

WordPress Event Monster plugin versions 1.4.3 and below suffer from an information disclosure vulnerability. CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress ...

CVSS 5.3 | AI score 6.2 | EPSS 0.01942 | Exploits 2
Packet Storm
added 2025/01/13 12:00 a.m. | 204 views

Linux inotify_rm_watch() Race Condition / Use-After-Free

Linux suffers from a race condition in inotify_rm_watch() with umount that can lead to a superblock-related use-after-free condition. Summary: There's a UAF race between inotify_rm_watch() and umount; my guess is that it is hard to hit at least when panic_on_oops is enabled because a more likely race orderin...

CVSS 7.8 | AI score 7.6 | EPSS 0.00212 | Exploits 1
Packet Storm
added 2025/01/13 12:00 a.m. | 225 views

QNAP Symlink Remote Code Execution

The QNAP operating system suffers from a symlinking vulnerability. It is possible to upload a symlink through a ZIP file and abuse the encrypt/decrypt function to gain an arbitrary file write primitive which can be turned into remote code execution. An attacker with privileges of a regular user ca...

CVSS 8.7 | AI score 8 | EPSS 0.20112 | Exploits 2
Packet Storm
added 2025/01/13 12:00 a.m. | 152 views

Qsync Central Path Traversal / Information Disclosure

Qsync Central suffers from a symlink attack via an uploaded zip file that results in traversal and information disclosure. Qsync Central versions 4.4.0.1620240819 2024/08/19 and later address this issue. https://packetstorm.news/download/188634...

CVSS 6.8 | AI score 6.3 | EPSS 0.01394 | Exploits 2
Packet Storm
added 2025/01/13 12:00 a.m. | 151 views

Adobe Commerce 2.4.7 XML Injection / Code Execution

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an improper restriction of XML External Entity Reference (XXE) vulnerability that could result in arbitrary code execution. https://packetstorm.news/download/188633...

CVSS 9.8 | AI score 10 | EPSS 0.99994 | Exploits 26
Packet Storm
added 2025/01/13 12:00 a.m. | 152 views

WebKit DocumentFontLoader::fontLoadingTimerFired Use-After-Free

WebKit suffers from a use-after-free vulnerability in DocumentFontLoader::fontLoadingTimerFired. https://packetstorm.news/download/188628...

CVSS 6.5 | AI score 7.6 | EPSS 0.14492 | Exploits 1
Packet Storm
added 2025/01/13 12:00 a.m. | 139 views

Netsweeper Privilege Escalation

Netsweeper allows for unauthorized changes to the account owner field due to a lack of server-side controls. Patched in NS1271GA. Description: Netsweeper's account management interface allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of...

AI score 7.2 | Exploits 0
Packet Storm
added 2025/01/13 12:00 a.m. | 164 views

Zed Attack Proxy 2.16.0 Cross Platform Package

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 130 views

CISA: Business Case for Security Infographic

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 141 views

CISA: Bomb-Making Materials Awareness Program (BMAP) Overview

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 119 views

CISA: STS Scenarios Workshop 1 Scenario 4 New Wave of Cooperation

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 205 views

CISA: Chemical Facility Anti-Terrorism Standards (CFATS) Risk Tiering

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 221 views

CISA: CFATS and the Personnel Surety Program (PSP) Overview

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 128 views

CISA: Strategies for Effectively Blending Cyber and Physical Security within Critical Infrastructure

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 113 views

CISA: DHS OSAI-OBP Partnership Fact Sheet

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 134 views

CISA: DHS Election Infrastructure Security Funding Consideration

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 117 views

CISA: BMAP Fact Sheet

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 147 views

CISA: NETF Fact Sheet

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 125 views

CISA: Emergency Response Planning Guidelines

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 138 views

CISA: Security and Resiliency Guide - Outdoor Events Annex

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 146 views

CISA: Extreme Weather Impacts

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 154 views

CISA: STS Threat Timelines Facilitator Guide

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 128 views

CISA: Mitigating Attacks on Houses of Worship Security Guide - Spanish Translation

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 118 views

CISA: Security and Resiliency Guide - Sports Leagues and Venues Annex

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 108 views

CISA: U.S. Electoral Process Infographic

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 252 views

CISA: DHS-DOJ Bomb Threat Guidance Quad-Fold

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 163 views

CISA: ILT Fact Sheet

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 141 views

CISA: Actions to Improve Chemical Facility Safety and Security - a Shared Commitment (Report for the President, May 2014)

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 130 views

CISA: Chemical Sector 101

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 143 views

CISA: TRIPwire Fact Sheet

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 146 views

CISA: Suspicious UAS Identification Postcard

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 107 views

CISA: Air Domain Awareness

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 123 views

CISA: CISA Chemical Security’s International Initiatives

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 118 views

CISA: Reducing the Threat of Improvised Explosive Device Attacks by Restricting Access to Explosive Precursor Chemicals

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 133 views

CISA: Supply Chain Risk Management

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 140 views

CISA: Cybersecurity Evaluation Tool (CSET) Seminar Presentation

AI score 7.4 | Exploits 0
Packet Storm
added 2025/01/12 12:00 a.m. | 141 views

CISA: 2019 ISC Annual Review

AI score 7.4 | Exploits 0
Total number of security vulnerabilities: 50738