Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.81 views

📄 Adobe DNG SDK Integer Overflow Proof of Concept Generator

This is a proof of concept tool to generate an integer overflow condition in the Adobe DNG SDK to achieve arbitrary code execution. integer overflow during image processing...

5.5CVSS6.2AI score0.00179EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.70 views

📄 Car Rental Script 4.0 Cross Site Scripting

Car Rental Script version 4.0 suffers from a cross site scripting vulnerability. Titles: Car-Rental-Script4.0-XSS-Reflected Cross-site scripting reflected Author: nu11secur1ty Date: 05/08/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference:...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.69 views

📄 S2M Forgot Password Endpoint Token Exposure

This Python script demonstrates a security assessment targeting a forgot-password API endpoint in a digital payment platform operated by S2M, a company specializing in secure electronic transactions and payment processing solutions. The script sends a crafted POST request using a known email...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.85 views

📄 CairoSVG Denial of Service

CairoSVG versions prior to 2.9.0 suffer from a recursive denial of service vulnerability. CVE-2026-31899: Exponential DoS via Recursive Element Amplification in CairoSVG Keywords: CVE-2026-31899, CairoSVG, exponential DoS, SVG bomb, recursive use element, denial of service, XML amplification,...

7.5CVSS5.8AI score0.0049EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.97 views

📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection

Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...

9.8CVSS6.1AI score0.41475EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.85 views

📄 Cisco ISE 2.2 Remote Code Execution

This Metasploit module exploits an unauthorized file upload vulnerability in Cisco ISE. A ZIP file containing a JSP file with a manipulated path path traversal is uploaded. The webshell is then extracted to the webapps folder...

10CVSS7.5AI score0.09805EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.99 views

📄 Fuel CMS 1.4.1 PHP Code Injection

This Metasploit module targets a remote code execution vulnerability in Fuel CMS version 1.4.1. The issue stems from improper input sanitization in the filter parameter, which is passed into a dangerous PHP evaluation eval context, enabling code injection...

9.8CVSS7.9AI score0.82937EPSS
Exploits17
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.69 views

📄 Pixa Bank 2.0 SQL Injection

Pixa Bank version 2.0 remote API SQL injection exploit. ================================================================================================================================== | Title : Pixa Bank 2.0 – API SQL Injection | | Author : indoushka | | Tested on : windows 11 FrPro / browser ...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.85 views

📄 strongSwan 4.5.0 EAP-TTLS Integer Underflow

This Metasploit auxiliary module is designed to detect a vulnerability in strongSwan's EAP-TTLS implementation, identified as CVE-2026-25075. The issue is related to an integer underflow in the handling of AVP Attribute-Value Pair length fields during IKE-related UDP communication...

8.7CVSS6AI score0.01013EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.88 views

📄 OSK Privilege Escalation

This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting the OSK On-Screen Keyboard privilege escalation vulnerability. ================================================================================================================================== | Tit...

7.8CVSS6AI score0.03239EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.67 views

📄 WordPress Madera 2.2.2 Local File Inclusion

This Python script exploits a local file inclusion vulnerability in the WordPress Madara theme. It interacts with the admin-ajax.php endpoint to load sensitive files from the server, potentially leading to the exposure of system or application data. It affects version 2.2.2...

9.8CVSS7.3AI score0.09094EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.123 views

📄 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution

This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP requests sent to the...

7.5CVSS7.7AI score0.99993EPSS
Exploits45
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.81 views

📄 MATLAB R2024a Code Execution / Information Disclosure

MATLAB R2024a suffers from a remote code execution vulnerability as well as a sandbox escape that allows for information disclosure. ================================================================================================================================== | Title : MATLAB R2024a RCE | |...

6.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.66 views

📄 telnetd 2.7 Buffer Overflow

telnetd version 2.7 addslc remote buffer overflow exploit that achieves root. Exploit Title: telnetd 2.7 - Buffer Overflow Google Dork: N/A Date: 2026-04-03 Exploit Author: Jeff Barron jeffaf Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils...

9.8CVSS7.7AI score0.23674EPSS
Exploits8
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.65 views

📄 Apache Airflow Databricks Provider Certificate Verification Bypass

The Apache Airflow Databricks Provider package disables TLS certificate verification when communicating with the Kubernetes API server during federated token exchange. Both the synchronous and asynchronous code paths use verify=False / ssl=False, allowing any attacker with network access within t...

4.8CVSS5.9AI score0.00355EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.72 views

📄 WordPress Chart 3.5.9 Missing Authentication

The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter without any nonce or capability checks...

5.3CVSS5.7AI score0.00331EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.73 views

📄 Dash-Uploader 0.7.0a2 Path Traversal

There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...

9.8CVSS5.8AI score0.05982EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.60 views

📄 NocoBase 2.0.27 VM Sandbox Escape

NocoBase versions 2.0.27 and below VM sandbox escape exploit. Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: = 2.0.27 — patched in 2.0.28 Teste...

9.9CVSS6AI score0.36503EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.66 views

📄 ThingsBoard IoT Platform 4.2.0 Server-Side Request Forgery

ThingsBoard IoT Platform version 4.2.0 suffers from a server-side request forgery vulnerability. Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link:...

9.1CVSS5.8AI score0.01658EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.133 views

📄 Exim 4.91 Remote Command Execution

Exim versions 4.87 through 4.91 improper recipient-address validation remote command execution exploit. Spawns a netcat shell on port 31415 as root, then connects to it Vulnerablity is within Exim 4.87-4.91 import subprocess import socket import os import time from subprocess import Popen, PIPE...

10CVSS7.6AI score0.99961EPSS
Exploits27
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.81 views

📄 WordPress CatFolders 2.5.2 SQL Injection

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability. CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin Keywords: CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection,...

6.5CVSS5.9AI score0.00347EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/06 12:0 a.m.80 views

📄 MikroORM 7.0.5 SQL Injection

MikroORM versions 7.0.5 and below suffer from a remote SQL injection vulnerability. CVE-2026-43220 MikroORM SQL Injection ★ CVE-2026-43220 MikroORM SQL Injection PoC ★ https://github.com/user-attachments/assets/33724cfc-6151-47ff-9415-2f50c5124cd1 Overview CVE-2026-43220 is a SQL Injection...

5.5CVSS5.9AI score0.00127EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/05/06 12:0 a.m.73 views

📄 Hibernate ORM 5.6.15 SQL Injection

Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...

8.3CVSS5.9AI score0.00782EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.67 views

📄 Traccar GPS Tracking System 6.11.1 Cross-Site WebSocket Hijacking

Traccar GPS Tracking System version 6.11.1 cross-site websocket hijacking proof of concept exploit. Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking CSWSH Date: 2026-02-26 Exploit Author: Hazar Taspinar Vendor Homepage: https://www.traccar.org/ Software Link:...

7.1CVSS5.7AI score0.00541EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.59 views

📄 phpMyFAQ 4.0.16 Improper Authorization

phpMyFAQ versions 4.0.16 and below suffer from an improper authorization vulnerability. Exploit Title: phpMyFAQ = 4.0.16 - Improper Authorization Google Dork: N/A Date: 2026-01-23 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.phpmyfaq.de/ Software Link:...

6.5CVSS5.8AI score0.01734EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.56 views

📄 LangChain Core Insecure Deserialization

LangChain Core versions prior to 1.2.5 and 0.3.81 suffer from a deserialization vulnerability that allows for server-side template injection that can lead to remote code execution. Exploit Title: LangChain Core - SSTI/RCE Date: 2025-12-29 Exploit Author: Mohammed Idrees Banyamer Author Country:...

9.3CVSS7.6AI score0.1383EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.54 views

📄 Microsoft Windows 11 23H2 Denial of Service

Microsoft Windows 11 23H2 suffers from a denial of service vulnerability. Exploit Title: Windows 11 23H2 - Denial of Service DoS Google Dork: N/A Date: 2025-08-22 Exploit Author: Kryptoenix Vendor Homepage: https://www.microsoft.com/ Software Link:...

7.8CVSS5.8AI score0.01677EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.51 views

📄 HAX CMS 24.x Cross Site Scripting

HAX CMS version 24.x suffers from a persistent cross site scripting vulnerability. Exploit Title: HAX CMS 24.x - Stored Cross-Site Scripting XSS Date: 2026-01-28 Google Dork: "N/A" Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Vendor Homepage:...

8CVSS5.3AI score0.01036EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.60 views

📄 deephas 1.0.7 Prototype Pollution

The deephas npm package suffers from a prototype pollution vulnerability in versions 1.0.7 and below due to unsafe recursive property assignment without proper hasOwnProperty checks and inadequate path sanitization. Exploit Title: deephas 1.0.7 - Prototype Pollution Google Dork: N/A Date:...

9.4CVSS5.8AI score0.00717EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.48 views

📄 Atlona AT-OME-RX21 Authenticated Command Injection

Atlona AT-OME-RX21 suffers from an authenticated command injection vulnerability. // Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link:...

6.3CVSS5.8AI score0.01143EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.59 views

📄 Camaleon CMS 2.9.0 Path Traversal

Camaleon CMS version 2.9.0 suffers from a path traversal vulnerability. Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link:...

7.7CVSS5.8AI score0.1456EPSS
Exploits11
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.63 views

📄 Craft CMS 5.6.16 Remote Code Execution

Craft CMS version 5.6.16 remote code execution exploit. Exploit Title: Craft CMS 5.6.16 - RCE Google Dork: N/A Date: 2026-01-24 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Vendor Homepage: https://craftcms.com Software Link: https://github.com/craftcms/cms Version: = 3.9.14, =...

10CVSS6.6AI score0.99803EPSS
Exploits14
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.64 views

📄 GUnet OpenEclass E-learning Remote Code Execution

GUnet OpenEclass E-learning versions prior to 4.2 suffer from a remote code execution vulnerability. Exploit Title: GUnet OpenEclass E-learning platform """ def banner: printf'''YELLOW ┏━╸╻ ╻┏━╸ ┏━┓┏━┓┏━┓┏━┓ ┏━┓┏━┓┏━┓╻ ╻╺┓ ┃ ┃┏┛┣╸ ╺━╸┏━┛┃┃┃┏━┛┣━┓╺━╸┏━┛┏━┛┏━┛┗━┫ ┃ ┗━╸┗┛ ┗━╸ ┗━╸┗━┛┗━╸┗━┛ ┗━╸┗━╸┗━╸...

8.6CVSS6.4AI score0.03076EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.60 views

📄 Erugo 0.2.14 Remote Code Execution

Erugo versions 0.2.14 suffer from an authenticated remote code execution vulnerability. Exploit Title: Erugo = 0.2.14 - Authenticated Remote Code Execution RCE Date: 2026-02-02 Exploit Author: Abdul Moiz Vendor Homepage: https://github.com/ErugoOSS/Erugo Software Link:...

10CVSS6.4AI score0.03008EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.58 views

📄 BusyBox 1.37.0 Path Traversal

BusyBox version 1.37.0 suffers from a path traversal vulnerability. Exploit Title: BusyBox 1.37.0 - Path Traversal Google Dork: N/A Date: 2026-02-11 Exploit Author: Calil Khalil Vendor Homepage: https://busybox.net Software Link: https://busybox.net/downloads/ Version: BusyBox 1.36.1, 1.37.0 Test...

7CVSS5.8AI score0.00682EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.66 views

📄 SumatraPDF 3.5.2 Remote Code Execution

SumatraPDF versions 3.5.0 to 3.5.2 disable TLS hostname verification during update checks using INTERNETFLAGIGNORECERTCNINVALID and do not perform any signature or integrity validation on the downloaded installer. Exploit Title: SumatraPDF 3.5.2 - Remote Code Execution Date: 2026-02-10 Exploit...

7.5CVSS5.8AI score0.00445EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.62 views

📄 OpenWrt 23.05 Remote Code Execution

OpenWrt version 23.05 suffers from an authenticated remote code execution vulnerability. Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link:...

6.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.71 views

📄 NiceGUI 3.6.1 Path Traversal

NiceGUI version 3.6.1 suffers from a path traversal vulnerability. Exploit Title: NiceGUI 3.6.1 - Path Traversal Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: NiceGUI = 3.6.1 Python 3.8–3.12 on Linux/Windows CVE:...

7.5CVSS5.8AI score0.03212EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.71 views

📄 Microsoft Windows 11 24H2 Local Privilege Escalation

Microsoft Windows 11 24H2 suffers from a local privilege escalation vulnerability. Exploit Title: Windows 11 24H2 - Local Privilege Escalation Google Dork: inurl:http.sys "Windows 11 24H2" vulnerability | intitle:"HTTP.sys" "CVE-2026-21250" "Elevation of Privilege" Date: 2026-02-27 Exploit Author...

7.8CVSS5.8AI score0.0104EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.65 views

📄 HUSTOJ 26.01.24 Zip-Slip Remote Code Execution

HUSTOJ version 26.01.24 suffers from zip-slip remote code execution vulnerability. Exploit Title: HUSTOJ Zip-Slip v26.01.24 - RCE Date: 2026-02-14 Exploit Author: Marshall Whittaker / oxagast Vendor Homepage: https://github.com/zhblue/hustoj Software Link:...

9.8CVSS6.4AI score0.07895EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.63 views

📄 Frigate NVR 0.16.3 Remote Code Execution

Frigate NVR version 0.16.3 proof of concept remote code execution exploit written in Python. Exploit Title: Frigate NVR 0.16.3 - Remote Code Execution Date: 2026-02-05 Exploit Author: jduardo2704 Vendor Homepage: https://frigate.video/ Software Link: https://github.com/blakeblackshear/frigate...

9.1CVSS6.4AI score0.02874EPSS
Exploits8
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.66 views

📄 FacturaScripts 2025.43 Cross Site Scripting

FacturaScripts 2025.43 suffers from a persistent cross site scripting vulnerability in the product file upload functionality. Exploit Title: FacturaScripts 2025.43 - XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 Vendor Homepage:...

5.4CVSS5.3AI score0.00981EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.56 views

📄 JUNG Smart Visu Server 1.1.1050 Denial of Service

JUNG Smart Visu Server version 1.1.1050 suffers from a denial of service vulnerability. Exploit Title: JUNG Smart Visu Server 1.1.1050- Dos CVE: CVE-2026-26235 Date: 2026-02-12 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Author GitHub:...

8.7CVSS5.8AI score0.01784EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.58 views

📄 JuzaWeb CMS 3.4.2 Remote Code Execution

JuzaWeb CMS version 3.4.2 suffers from an authenticated remote code execution vulnerability. Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution Date: 2026-01-10 Exploit Author: Sardor Shoakbarov Author GitHub: https://github.com/TheDeepOpc Vendor Homepage: https://juzaweb.com/...

6.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.56 views

📄 Repetier-Server 1.4.10 Path Traversal

Repetier-Server versions 1.4.10 and below suffer from a path traversal vulnerability. Exploit Title: Repetier-Server 1.4.10 - Path Traversal Exploit Author: Mohammed Idrees Banyamer Vendor Homepage: https://www.repetier.com/ Version: str: return "..%5c" depth def attemptreadtargeturl: str,...

9.8CVSS5.8AI score0.02806EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.55 views

📄 MindsDB 25.9.1.1 Path Traversal

MindsDB version 25.9.1.1 suffers from a path traversal vulnerability. Exploit Title: MindsDB 25.9.1.1 - Path Traversal Date: 06-03-2026 Exploit Author: Lohitya Pushkar thewhiteh4t Vendor Homepage: https://mindsdb.com/ Software Link: https://github.com/mindsdb/mindsdb Version: not installed handle...

8.8CVSS5.8AI score0.11113EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.59 views

📄 Linksys E1200 2.0.04 Buffer Overflow

Linksys E1200 with firmware versions 2.0.04 and below authenticated stack buffer overflow exploit. Exploit Title: Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow RCE Date: 2026-15-03 Exploit Author: JarrettgxzSec Vendor Homepage: www.linksys.com Version: FW " printf"! Example: python3...

8.8CVSS6AI score0.04436EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.62 views

📄 GNU InetUtils telnetd Remote Privilege Escalation

GNU InetUtils versions 2.0 through 2.6 telnetd remote privilege escalation proof of concept exploit. Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage:...

9.8CVSS7.5AI score0.98871EPSS
Exploits60
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.58 views

📄 Xibo CMS SSTI / Remote Code Execution

Xibo CMS versions prior to 4.3.1 suffer from an authenticated remote code execution vulnerability via server-side template injection. Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/...

7.2CVSS6.5AI score0.00884EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.65 views

📄 Python-Multipart 0.0.22 Path Traversal

Python-Multipart version 0.0.22 suffers from a path traversal vulnerability. Exploit Title: Python-Multipart 0.0.22 - Path Traversal Date: 2026-02-23 Exploit Author: cardosource Vendor Homepage: https://github.com/Kludex/python-multipart Software Link: https://pypi.org/project/python-multipart/...

8.6CVSS6.7AI score0.02228EPSS
Exploits5
Total number of security vulnerabilities50738