Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.68 views

📄 Traccar GPS Tracking System 6.11.1 Cross-Site WebSocket Hijacking

Traccar GPS Tracking System version 6.11.1 cross-site websocket hijacking proof of concept exploit. Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking CSWSH Date: 2026-02-26 Exploit Author: Hazar Taspinar Vendor Homepage: https://www.traccar.org/ Software Link:...

7.1CVSS5.7AI score0.00541EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/05/04 12:0 a.m.69 views

📄 cPanel Authentication Manipulation / Session Injection

This Python script attempts to an authentication bypass against a cPanel login endpoint by crafting a modified login request and manipulating session-related data. Versions after 11.40 are affected...

9.8CVSS6AI score0.981EPSS
Exploits64
Packet Storm
Packet Storm
added 2026/05/04 12:0 a.m.50 views

📄 UltimatePOS 4.8 Cross Site Scripting

The administrative panel in UltimatePOS version 4.8 suffers from a persistent cross site scripting vulnerability. CVE-2025-60503 — Stored Cross-Site Scripting XSS in UltimatePOS UltimateFosters v4.8 Publication date: 2025-10-30 CVE ID: CVE-2025-60503 RESERVED Researcher: Vivien Lebas Vendor:...

8.7CVSS5.3AI score0.00375EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/01 12:0 a.m.110 views

📄 cPanel / WHM Authentication Bypass / CRLF Injection

A critical authentication bypass vulnerability exists in the cPanel/WHM cpsrvd daemon due to improper neutralization of line delimiters CRLF in the whostmgrsession cookie and Authorization headers. An unauthenticated remote attacker can leverage this flaw to inject malicious session parameters...

9.8CVSS6.1AI score0.981EPSS
Exploits64
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.96 views

📄 LiteLLM 1.83.0 Insecure Direct Object Reference

LiteLLM exposes a /config/update API endpoint that allows administrators to make configuration changes to the instance. Due to a missing authorization check, low-privileged users can access this endpoint without restriction. An attacker with a low-privileged account can exploit this to exfiltrate...

8.8CVSS5.5AI score0.26409EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.65 views

📄 GoAnywhere MFT 7.9.1 HTML Injection

GoAnywhere MFT versions prior to 7.10.0 are affected by an HTML injection vulnerability in the email templating functionality. If an attacker is able to influence the content of a template variable, malicious HTML can be embedded into outgoing emails generated by the application. As these message...

5.4CVSS5.5AI score0.00155EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.140 views

📄 DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution

DeskTime Time Tracking App version 1.3.671 has an issue where due to missing TLS certificate validation, attackers, who can inject themselves into the network path between the client and the DeskTime update servers, can return a malicious executable in response to an update request and achieve...

4.8CVSS6.1AI score0.00179EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.149 views

📄 EfficientLab Controlio DLL Hijacking

EfficientLab Controlio versions prior to 1.3.95 suffer from dll hijacking vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: DLL Hijacking product: EfficientLab Controlio cloud-based employee monitoring...

5.1CVSS5.3AI score0.00163EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.157 views

📄 SAP HANA Cockpit / Database Explorer Private Key Disclosure

SAP HANA Cockpit and SAP HANA Database Explorer expose the private key of their X.509 certificate. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Private Key of X.509 Certificate product: SAP HANA...

5CVSS5.3AI score0.00304EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.65 views

📄 SolarEdge 3.0-2021 Cross Site Request Forgery / Out-Of-Bounds Access

SolarEdge version 3.0-2021 suffers from cross site request forgery and out-of-band injection vulnerabilities. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1ty Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform - Framework...

5.1AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.62 views

📄 School Management System PHP 1.0.0 Cross Site Scripting

School Management System PHP version 1.0.0 suffers from a persistent cross site scripting vulnerability that can lead to administrative account takeover. ==================================================== School Management System PHP - Stored XSS leading to Admin Account Takeover...

5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.71 views

📄 Pizzafy Ecommerce System 1.0 SQL Injection

The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...

5.8CVSS5.3AI score0.00244EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.66 views

📄 OpenNebula 6.10.0.1 Cross Site Scripting

OpenNebula version 6.10.0.1 suffers from multiple persistent cross site scripting vulnerabilities. OpenNebula-CVE-2025-56537 Exploit Title : OpenNebula 6.10.0.1 - Stored XSS Cross-site Scripting in virtual network template Exploit Author : Mark Artamonov Vendor Homepage : https://opennebula.io/...

6.1CVSS5AI score0.00185EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.84 views

📄 Pizzafy Ecommerce System 1.0 Shell Upload

The savemenu function in Pizzafy Ecommerce System version 1.0 handles image uploads for menu items without performing any file type validation. The application retrieves the file extension using pathinfo but never actually checks or restricts the allowed file types before moving the uploaded file...

5.8CVSS6AI score0.00268EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.70 views

📄 Coaching Management System 1.0 Cross Site Scripting

Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Stored Cross-Site Scripting XSS in Coaching Management System Leads to Account Takeover --- Product Coaching Management System in PHP Code-Projects.org...

5.1CVSS4.3AI score0.00232EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.81 views

📄 ESP-RFID-Tool V2 PRO Traversal / XSS / Bypass / Enumeration

ESP-RFID-Tool V2 PRO suffers from bypass, cross site request forgery, cross site scripting, information leakage, path traversal, and multiple other vulnerabilities. The vendor has seemingly taken a hostile approach to responding to these findings and is uncooperative. Security Advisory:...

5.1AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/28 12:0 a.m.93 views

📄 Microsoft Windows TBroker Registry Symlink Information Disclosure

This code demonstrates a proof of concept attack targeting Windows ATBroker Assistive Technology Broker to achieve sensitive information disclosure through unsafe Registry handling...

5.5CVSS5.2AI score0.0063EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/28 12:0 a.m.100 views

📄 Microsoft WinLogon Registry Deletion / Privilege Escalation

This code represents a highly destructive proof of concept targeting Windows WinLogon and Registry access control mechanisms to achieve privilege escalation and system integrity compromise. The exploit is built around abusing Registry symbolic links and session-based Accessibility paths to redire...

7.8CVSS5.6AI score0.03178EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.86 views

📄 thumbler 1.1.2 Command Injection

The thumbler package through version 1.1.2 contains a critical command injection vulnerability in the thumbnail function. User-supplied input parameters input, output, time, size are concatenated into a single ffmpeg command string and executed via childprocess.exec without proper sanitization. A...

9.8CVSS6.8AI score0.02308EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.135 views

📄 SQLite 3.50.1 winsqlite3.dll Heap Overflow

This Metasploit local exploit module targets a heap overflow vulnerability in winsqlite3.dll in SQLite versions prior to 3.50.2 on Windows systems. It first attempts to detect the installed SQLite version, then generates a specially crafted database and SQL workload containing an excessive number...

9.8CVSS6.2AI score0.73495EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.160 views

📄 Sequelize 6.37.7 SQL Injection

A remote SQL injection vulnerability exists Sequelize versions 6.37.7 and below in the JSON/JSONB where clause processing. When Sequelize parses a JSON path key containing ::, the value after :: is treated as a SQL cast type and is inserted into the generated SQL without proper validation. If an...

7.5CVSS5.8AI score0.00422EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.110 views

📄 OSK Registry-Based Privilege Escalation / Symlink Attack

The provided code is a conceptual Windows privilege escalation exploit targeting the On-Screen Keyboard osk.exe and Accessibility AT registry infrastructure. It attempts to abuse weak trust boundaries between user-level registry configuration and system-level execution paths...

7.8CVSS5.9AI score0.03239EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.89 views

📄 SolarEdge 3.0-2021 Cross Site Request Forgery / OOB Injection

SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the /solaredge-web/p/initClient that can lead to a remote command injection vulnerability. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.88 views

📄 textract 2.5.0 Command Injection

In textract version 2.5.0, a security vulnerability allows OS command injection when untrusted file paths are processed by the library. ================================================================================================================================== | Title : textract 2.5.0 OS...

9.8CVSS5.4AI score0.02421EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.98 views

📄 Vienna Assistant 1.2.542 macOS Privilege Escalation

A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...

8.8CVSS5.7AI score0.00449EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.71 views

📄 OWASP CRS 3.3.9 / 4.25.x LTS / 4.8.x File Upload Bypass

This proof of concept demonstrating a weakness in some web applications protected by OWASP Core Rule Set CRS or similar filters, where file upload validation can be bypassed using ambiguous filename formatting...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.100 views

📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox

This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...

5.7AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.96 views

📄 pdf-image 2.0.0 Command Injection

In pdf-image version 2.0.0, a security issue allows OS command injection when untrusted input is passed to the PDFImage constructor and later processed by methods such as getInfo...

9.8CVSS5.4AI score0.02493EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.85 views

📄 Windows Cloud Files Tiering Engine Local Privilege Escalation

his Metasploit local exploit module models a Windows privilege escalation scenario involving Cloud Files, NTFS reparse points, named pipes, and service interaction. The workflow simulates abusing file system operations and cloud sync mechanisms by creating controlled directories, placeholder file...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.152 views

📄 node-tesseract-ocr 2.2.1 Command Injection

In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...

9.8CVSS5.4AI score0.01706EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.78 views

📄 WebADM 2.4.17-1 Password Hash Disclosure

WebADM version 2.4.17-1 contains an authenticated information disclosure vulnerability in the LDAP search functionality. The display parameter in search.php accepts any LDAP attribute without server-side validation. A low-privileged admin can retrieve SSHA password hashes for all LDAP users...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.113 views

📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation

This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...

7CVSS8.2AI score0.31894EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.83 views

📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution

This code is a Metasploit Auxiliary module designed to exploit a remote code execution vulnerability in NocoBase versions 2.0.27 and below. It targets a flaw in the server-side script execution engine flownodes that allows breaking out of the JavaScript sandbox...

9.9CVSS6.7AI score0.36503EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.83 views

📄 Open WebUI 0.8.11 Information Disclosure

A potential access control issue was identified in Open WebUI where the Tools API and associated “valves” endpoints may expose sensitive configuration data when accessed with valid authentication tokens. The affected endpoints allow retrieval of tool metadata and configuration structures that may...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.77 views

📄 LuaJIT 2.1.1774638290 FFI Remote Code Execution / Lua Injection

This script is a LuaJIT exploitation tool that attempts to abuse the LuaJIT FFI Foreign Function Interface to execute system commands or arbitrary shellcode on a remote Lua runtime exposed over a TCP socket. It connects to a target service, injects Lua code dynamically, and leverages unsafe FFI...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.85 views

📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter

This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...

9.8CVSS5.3AI score0.39688EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.82 views

📄 OpenClaw 2026.3.13 MEDIA Protocol File Disclosure

This Python script is a security exploitation tool targeting the OpenClaw system integrated with Discord. It attempts to exfiltrate sensitive files from a victim environment by abusing a MEDIA: prompt injection mechanism...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.113 views

📄 Microsoft SQL Server 2022/2025 Privilege Escalation

This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...

8.8CVSS5.6AI score0.01516EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.102 views

📄 lollms-webui Server-Side Request Forgery

lollms-webui suffers from a server-side request forgery vulnerability. ================================================================================================================================== | Title : lollms-webui SSRF for Cloud Metadata Leakage and Internal Network Pivoting | | Author...

9.1CVSS5.3AI score0.21629EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.76 views

📄 MISP 2.5.27 Workflow Engine Cross Site Scripting

This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...

5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.145 views

📄 NLTK 3.9.2 Path Traversal / File Disclosure

NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. ================================================================================================================================== | Title : NLTK 3.9.2 Path Traversal - File Disclosure Exploit | | Auth...

8.6CVSS5.4AI score0.00924EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.114 views

📄 MetInfo CMS 8.1 PHP Code Injection

This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...

9.8CVSS6.5AI score0.39688EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.106 views

📄 Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb

This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...

7.5CVSS6.5AI score0.00299EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.87 views

📄 SocialEngine 7.8.0 Server-Side Request Forgery

SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as URL to send an HTTP request from the web server...

8.5CVSS5.8AI score0.00302EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.101 views

📄 Langflow 1.8.4 Traversal / Remote Code Execution

This Metasploit module targets a path traversal vulnerability in Langflow versions 1.8.4 and below that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint...

8.8CVSS5.9AI score0.02104EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.102 views

📄 SocialEngine 7.8.0 SQL Injection

SocialEngine versions 7.8.0 and below suffer from a remote SQL injection vulnerability. User input passed through the text request parameter to the /activity/index/get-memberall endpoint is not properly sanitized before being used to construct an SQL query...

9.8CVSS5.8AI score0.00972EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.80 views

📄 Hoverfly 1.11.3 Remote Command Execution

This Python script is an exploitation tool targeting a vulnerable Hoverfly API endpoint, specifically the /api/v2/hoverfly/middleware functionality, which allows execution of user-supplied input through a backend binary...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.81 views

📄 Grav CMS 1.7.49.5 Shell Upload

This script targets a Grav CMS administrative panel by first authenticating, then checking version information to estimate vulnerability exposure. If conditions are met, it generates a malicious PHP plugin containing a base64-encoded payload and uploads it as a ZIP package through the “direct...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.108 views

📄 Langflow Remote Code Execution

The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes the LangChains Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full remote code execution. This module...

9.8CVSS8.2AI score0.33694EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.104 views

📄 FortiWeb 8.0.1 Authentication Bypass / Code Execution

This Metasploit module targets a critical remote code execution vulnerability in FortiWeb's management interface by chaining multiple weaknesses. It goes from authentication bypass to path traversal to arbitrary file upload to remote code execution...

9.8CVSS6.9AI score0.89526EPSS
Exploits17
Total number of security vulnerabilities50738