50738 matches found

Packet Storm • added 2026/04/10 12:0 a.m. • 120 views

XiboCMS 3.3.4 Traversal / Code Execution

XiboCMS version 3.3.4 zip slip exploit that leverages path traversal and arbitrary file upload vulnerabilities to achieve code execution. Exploit Title: XiboCMS 3.3.4- Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/...

CVSS 8.8 | AI score 7.4 | EPSS 0.07093 | Exploits: 3

Packet Storm • added 2026/04/10 12:0 a.m. • 85 views

ZSH 5.9 Remote Command Execution

ZSH version 5.9 proof of concept remote command execution exploit. Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to G...

AI score 6 | Exploits: 0

Packet Storm • added 2026/04/10 12:0 a.m. • 125 views

RomM Cross Site Scripting / File Upload

RomM versions prior to 4.4.1 chained vulnerabilities exploit that leverages file upload to achieve cross site scripting that then leverages csrf token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...

CVSS 7.6 | AI score 5.2 | EPSS 0.00278 | Exploits: 2

Packet Storm • added 2026/04/10 12:0 a.m. • 122 views

MyRewards 5.6.0 Missing Authorization

MyRewards – Loyalty Points and Rewards for WooCommerce versions 5.6.0 and below suffer from a missing authorization vulnerability that allows for privilege escalation. CVE-2025-15260: Missing Authorization / Broken Access Control in Plugin - MyRewards – Loyalty Points and Rewards for WooCommerce...

CVSS 6.5 | AI score 5.8 | EPSS 0.00274 | Exploits: 2

Packet Storm • added 2026/04/10 12:0 a.m. • 141 views

WordPress Tutor LMS 3.9.5 Insecure Direct Object Reference

WordPress Tutor LMS plugin versions 3.9.5 and below suffer from broken access control and insecure direct object reference vulnerabilities. CVE-2026-1375: Authenticated IDOR / Broken Access Control in Tutor LMS Plugin Disclaimer: This repository is created for educational purposes and ethical...

CVSS 8.1 | AI score 5.8 | EPSS 0.00345 | Exploits: 1

Packet Storm • added 2026/04/10 12:0 a.m. • 127 views

WordPress Contact List 3.0.17 Cross Site Scripting

WordPress Contact List plugin versions 3.0.17 and below suffer from a persistent cross site scripting vulnerability. CVE-2026-3516: Authenticated Stored Cross-Site Scripting XSS in Contact List Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...

CVSS 6.4 | AI score 5.2 | EPSS 0.00272 | Exploits: 1

Packet Storm • added 2026/04/10 12:0 a.m. • 175 views

WordPress EventPrime 4.2.8.1 Arbitrary File Upload

WordPress EventPrime plugin versions 4.2.8.1 and below suffer from an unauthenticated arbitrary file upload vulnerability. CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventPrime Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...

CVSS 5.3 | AI score 5.9 | EPSS 0.00379 | Exploits: 3

Packet Storm • added 2026/04/10 12:0 a.m. • 100 views

7-Zip Directory Traversal / Code Execution

7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...

CVSS 7.8 | AI score 7.6 | EPSS 0.27017 | Exploits: 11

Packet Storm • added 2026/04/10 12:0 a.m. • 84 views

FortiWeb 8.0.1 Remote Code Execution

FortiWeb remote code execution exploit that affects versions prior to 7.6.7, 7.8.7, and 8.0.2. Exploit Title: FortiWeb 8.0.2 - Remote Code Execution Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor...

CVSS 9.8 | AI score 6.5 | EPSS 0.89526 | Exploits: 17

Packet Storm • added 2026/04/10 12:0 a.m. • 79 views

Horilla 1.3 Remote Command Execution

Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...

CVSS 7.2 | AI score 6 | EPSS 0.02327 | Exploits: 3

Packet Storm • added 2026/04/10 12:0 a.m. • 104 views

NetBT e-Fatura 2024 Unquoted Service Path

NetBT e-Fatura 2024 suffers from an unquoted service path vulnerability. Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type:...

CVSS 7.3 | AI score 5.8 | EPSS 0.00414 | Exploits: 3

Packet Storm • added 2026/04/10 12:0 a.m. • 110 views

React Server 19.2.0 Remote Code Execution

React Server versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 proof of concept remote code execution exploit. Exploit Title: React Server 19.2.0 - Remote Code Execution Date: 2025-12-05 Exploit Author: EynaExp https://github.com/EynaExp Vendor Homepage: https://react.dev Software Link:...

CVSS 10 | AI score 7.4 | EPSS 0.99562 | Exploits: 372

Packet Storm • added 2026/04/10 12:0 a.m. • 67 views

Jumbo Website Manager Shell Upload

Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manager version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...

AI score 5.8 | Exploits: 0

Packet Storm • added 2026/04/10 12:0 a.m. • 128 views

Microsoft MMC MSC EvilTwin Local Admin Creation

Microsoft MMC MSC EvilTwin local admin creation exploit. !/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com...

CVSS 7 | AI score 7.3 | EPSS 0.31894 | Exploits: 7

Packet Storm • added 2026/04/10 12:0 a.m. • 90 views

Authentic 8 User Profile Insecure Direct Object Reference

Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...

AI score 5.8 | Exploits: 0

Packet Storm • added 2026/04/09 12:0 a.m. • 103 views

Vaadin 25.x Authentication Bypass

An authentication bypass affects Vaadin versions 6.8.13, 14.x, 23.x, 24.x, and 25.x when used with Spring Security, due to inconsistent path pattern matching on reserved framework routes. Accessing the /VAADIN endpoint without a trailing slash can bypass security filters, allowing unauthenticated...

AI score 5.9 | Exploits: 0

Packet Storm • added 2026/04/09 12:0 a.m. • 101 views

Spectrum ANOG Device Credential Extraction / Command Injection

This Metasploit auxiliary module targets Spectrum/ANOG devices and combines credential extraction, password decryption, and remote command execution through an authenticated command injection flaw...

AI score 6.1 | Exploits: 0

Packet Storm • added 2026/04/09 12:0 a.m. • 112 views

Microsoft Malware Protection Engine Type Confusion

Microsoft Malware Protection Engine type confusion vulnerability proof of concept exploit for an older vulnerability from 2017. Title: Microsoft Malware Protection...

CVSS 9.3 | AI score 7.2 | EPSS 0.77207 | Exploits: 5

Packet Storm • added 2026/04/09 12:0 a.m. • 84 views

UNI-PASS-Based Customs Systems Insecure Direct Object Reference

A critical security vulnerability has been identified in customs platforms based on UNI-PASS, where a publicly exposed API endpoint allows unauthorized access to sensitive documents without proper authentication or authorization checks. The affected endpoint commonly structured under /api/public/...

AI score 5.8 | Exploits: 0

Packet Storm • added 2026/04/08 12:0 a.m. • 106 views

Cockpit CMS 2.13.5 Cross Site Scripting

Cockpit CMS version 2.13.5 suffers from a persistent cross site scripting vulnerability in the content model display template. The $interpolate function in /modules/App/assets/js/app/utils.js uses new Function to evaluate template strings, allowing arbitrary JavaScript execution. Any authenticate...

AI score 5.6 | Exploits: 0

Packet Storm • added 2026/04/08 12:0 a.m. • 114 views

Dolibarr 23.0.0 dol_eval_standard() Whitelist Bypass

Dolibarr version 23.0.0 bypass proof of concept exploit. The whitelist mode of dol_eval_standard() does not apply $forbiddenphpstrings checks, and the function-call regex does not detect PHP dynamic callable syntax. This allows 'exec''cmd' to bypass all validation and reach eval. !/usr/bin/env python...

CVSS 8.6 | AI score 5.9 | EPSS 0.15527 | Exploits: 2

Packet Storm • added 2026/04/07 12:0 a.m. • 97 views

NocoBase 2.0.27 Sandbox Escape / Remote Code Execution

NocoBase versions 2.0.27 and below suffer from a sandbox escape vulnerability in the Workflow Script Node. The console object passed into the Node.js vm sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout. An authenticated attacker can traverse the prototype...

CVSS 9.9 | AI score 5.9 | EPSS 0.36503 | Exploits: 7

Packet Storm • added 2026/04/06 12:0 a.m. • 107 views

Grafana 11.6.0 Server-Side Request Forgery

Grafana versions 11.2.0 through 11.6.0 suffer from a server-side request forgery vulnerability. Exploit Title: Grafana 11.6.0 - SSRF FOFA: app="Grafana" Date: 2-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download...

CVSS 7.6 | AI score 7.2 | EPSS 0.97809 | Exploits: 6

Packet Storm • added 2026/04/06 12:0 a.m. • 108 views

Fuel CMS 1.4.1 Remote Command Execution

Fuel CMS version 1.4.1 unauthenticated remote command execution exploit that leverages an issue discovered back in 2018. !/usr/bin/python3 Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution RCE via filter parameter Google Dork: intitle:"Welcome to Fuel CMS" inurl:/fuel/ Date: 2025-04-05 Exploi...

CVSS 9.8 | AI score 7.4 | EPSS 0.82937 | Exploits: 17

Packet Storm • added 2026/04/06 12:0 a.m. • 102 views

ASP.net 8.0.10 HTTP Request Smuggling / Authentication Bypass

ASP.net version 8.0.10 suffers from HTTP request smuggling, bypass, and server-side request forgery vulnerabilities. Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CV...

CVSS 9.9 | AI score 7.2 | EPSS 0.66258 | Exploits: 5

Packet Storm • added 2026/04/06 12:0 a.m. • 86 views

WordPress Madera 2.2.2 Local File Inclusion

WordPress Madera plugin versions 2.2.2 and below suffer from a local file inclusion vulnerability. Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Teste...

CVSS 9.8 | AI score 7.2 | EPSS 0.09094 | Exploits: 5

Packet Storm • added 2026/04/06 12:0 a.m. • 117 views

Zhiyuan OA Traversal / File Upload

Path traversal and improper validation in the multipart file upload handling of Zhiyuan OA's wpsAssistServlet allows an attacker to place crafted files outside the intended directories by controlling the realFileType and fileId parameters. Exploit Title: Zhiyuan OA - arbitrary file upload leading...

CVSS 10 | AI score 5.9 | EPSS 0.1438 | Exploits: 3

Packet Storm • added 2026/04/03 12:0 a.m. • 210 views

DigitalOcean Droplet Agent Remote Command Execution

DigitalOcean Droplet Agent versions through 1.3.2 suffer from a remote command injection vulnerability via metadata poisoning and side-channel attacks. CVE-2026-24516-DigitalOcean-RCE. Technical analysis and PoC for CVE-2026-24516: Unauthenticated Root Remote Code Execution in DigitalOcean Drople...

CVSS 8.8 | AI score 6.4 | EPSS 0.02502 | Exploits: 2

Packet Storm • added 2026/04/03 12:0 a.m. • 262 views

Microsoft SQL Server 2022 / 2025 Privilege Escalation

Microsoft SQL Server versions 2022 and 2025 suffer from a privilege escalation vulnerability via the MSDatabaseManager role. Title: Microsoft SQL Server Privilege Elevation Through MSDatabaseManager Role CVE-2025-24999 Product: Database Manufacturer: Microsoft Affected Versions: SQL Server...

CVSS 8.8 | AI score 5.9 | EPSS 0.01516 | Exploits: 2

Packet Storm • added 2026/04/02 12:0 a.m. • 138 views

listmonk Session Persistence

listmonk has a flaw where sessions persist as valid after password reset and password change. CVE-2026-34828 listmonk's Session Persistence After Password Reset and Password Change Intro I found this issue while reviewing listmonk, an open-source newsletter and mailing list manager, with a simple...

CVSS 7.1 | AI score 5.9 | EPSS 0.003 | Exploits: 2

Packet Storm • added 2026/04/02 12:0 a.m. • 131 views

Bloomberg Memray Cross Site Scripting

Bloomberg Memray prior to versions 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray's Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...

CVSS 6.1 | AI score 5.4 | EPSS 0.00302 | Exploits: 2

Packet Storm • added 2026/04/02 12:0 a.m. • 139 views

Langflow 1.8.4 File Write / Traversal / Remote Code Execution

Langflow versions 1.8.4 and below have an issue where the POST /api/v2/files endpoint does not sanitize the filename parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences. When Langflow runs with...

CVSS 8.8 | AI score 6.6 | EPSS 0.02104 | Exploits: 4

Packet Storm • added 2026/04/01 12:0 a.m. • 253 views

MetInfo CMS 8.1 Code Injection

MetInfo CMS versions 8.1 and below suffer from a PHP code injection vulnerability in weixinreply.class.php. MetInfo CMS = 8.1 weixinreply.class.php PHP Code Injection Vulnerability...

CVSS 9.8 | AI score 5.9 | EPSS 0.39688 | Exploits: 4

Packet Storm • added 2026/03/31 12:0 a.m. • 149 views

FreeScout 1.8.206 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in FreeScout versions less than or equal to 1.8.206 (CVE-2026-28289). The sanitizeUploadedFileName function checks for dot-prefixed filenames before stripping Unicode format characters (ZWSP, U+200B), allowing...

CVSS 10 | AI score 6.5 | EPSS 0.3114 | Exploits: 4

Packet Storm • added 2026/03/31 12:0 a.m. • 155 views

NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution

nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including pathtojar, pathtomodel, pathtodict, and javaclass, and passe...

CVSS 10 | AI score 6.6 | EPSS 0.00777 | Exploits: 3

Packet Storm • added 2026/03/31 12:0 a.m. • 169 views

Langflow 1.8.1 Remote Code Execution

This Python script is a multi-threaded tool targeting a suspected vulnerability in Langflow versions 1.8.1 and below that allows unauthenticated remote code execution through unsafe execution of CustomComponent code during flow compilation...

CVSS 9.8 | AI score 6.5 | EPSS 0.98412 | Exploits: 17

Packet Storm • added 2026/03/31 12:0 a.m. • 112 views

Langflow 1.8.1 Remote Code Execution

This Metasploit auxiliary module scans Langflow instances for CVE-2026-33017, an unauthenticated remote code execution vulnerability affecting versions 1.8.1 and below.

CVSS 9.8 | AI score 6.4 | EPSS 0.98412 | Exploits: 17

Packet Storm • added 2026/03/31 12:0 a.m. • 157 views

Microsoft Windows RRAS Integer Overflow

This Metasploit module simulates a remote exploitation attempt against a hypothetical integer overflow vulnerability in Windows RRAS, which could lead to a heap-based overflow and potential remote code execution...

CVSS 8 | AI score 6.1 | EPSS 0.00836 | Exploits: 3

Packet Storm • added 2026/03/31 12:0 a.m. • 145 views

lollms-webui Server-Side Request Forgery

A critical server-side request forgery vulnerability has been identified in lollms-webui, the web interface for Lord of Large Language and Multi modal Systems. The @router.post("/api/proxy") endpoint allows unauthenticated attackers to force the server into making arbitrary GET requests. This can b...

CVSS 9.1 | AI score 5.8 | EPSS 0.21629 | Exploits: 3

Packet Storm • added 2026/03/31 12:0 a.m. • 212 views

Grav CMS 1.7.49.5 Remote Code Execution

Grav CMS versions 1.7.49.5 and below with Admin Plugin versions 1.10.49.3 and below are vulnerable to an authenticated remote code execution vulnerability via the "Direct Install" feature in the administrative interface. An authenticated administrator can upload a crafted plugin archive containin...

CVSS 8.1 | AI score 6.6 | EPSS 0.0871 | Exploits: 7

Packet Storm • added 2026/03/31 12:0 a.m. • 150 views

WordPress Datalogics Ecommerce Delivery Privilege Escalation

WordPress Datalogics Ecommerce Delivery plugin versions prior to 2.6.60 suffer from a privilege escalation vulnerability.

CVSS 9.8 | AI score 5.9 | EPSS 0.0058 | Exploits: 2

Packet Storm • added 2026/03/31 12:0 a.m. • 181 views

NLTK 3.9.2 Arbitrary File Read / Path Traversal

NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 - NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal --- Overview | Field | Details | |---|---| | CVE ID | CVE-2026-0847 | | Package | nltk Natural...

CVSS 8.6 | AI score 6 | EPSS 0.00924 | Exploits: 3

Packet Storm • added 2026/03/31 12:0 a.m. • 130 views

Wagtail CMS 6.4.1 Cross Site Scripting

Wagtail CMS version 6.4.1 is vulnerable to a persistent cross site scripting vulnerability in the document upload functionality. An attacker can embed a malicious payload inside a PDF file. When the uploaded document is accessed via the CMS interface, the payload may execute in the context of the...

AI score 5.5 | EPSS 0.00225 | Exploits: 1

Packet Storm • added 2026/03/31 12:0 a.m. • 146 views

Google Keras 3.13.0 Denial of Service

A denial of service vulnerability exists in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 on all platforms. The vulnerability is caused by the absence of any validation or throttling when processing HDF5 dataset shape metadata declared inside a .keras archive...

CVSS 7.5 | AI score 5.9 | EPSS 0.00299 | Exploits: 3

Packet Storm • added 2026/03/30 12:0 a.m. • 133 views

Forcepoint One Endpoint macOS 25.08.5008 DLP Bypass

Forcepoint One Endpoint DLP Endpoint for macOS version 25.08.5008 with DLP Policy Engine version 10.2.0.298 allows a local standard non-admin user to bypass DLP content inspection and policy enforcement by sending SIGSTOP to user-owned browser helper processes Websense Endpoint Helper,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00952 | Exploits: 1

Packet Storm • added 2026/03/30 12:0 a.m. • 122 views

Ghost CMS 6.19.0 SQL Injection

Ghost CMS versions 3.24.0 through 6.19.0 suffer from a remote SQL injection vulnerability via the content API. Exploit Title: Ghost CMS Unauthenticated SQLi via Content API Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =...

CVSS 9.4 | AI score 6 | EPSS 0.69996 | Exploits: 7

Packet Storm • added 2026/03/30 12:0 a.m. • 130 views

Bludit CMS Shell Upload

Bludit CMS versions prior to 3.18.4 have an unrestricted API file upload vulnerability that allows for remote code execution. Exploit Title: Bludit CMS . The uploadFile function performs no file extension or content validation, allowing upload of PHP webshells that execute as www-data. The API...

CVSS 8.8 | AI score 6.1 | EPSS 0.01919 | Exploits: 4

Packet Storm • added 2026/03/30 12:0 a.m. • 103 views

LuaJIT 2.1.1774638290 Arbitrary Code Execution

LuaJIT's Foreign Function Interface (FFI) provides unrestricted access to native C functions including syscall, mmap, mprotect and arbitrary shared library loading. When FFI is accessible to untrusted Lua code in embedding scenarios (OpenResty, Redis, game engines, IoT), an attacker can achieve...

AI score 6.4 | Exploits: 0

Packet Storm • added 2026/03/27 12:0 a.m. • 120 views

Generic HTTP Command Execution

This Metasploit module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells. It is likely that HTTP evasion...

AI score 6.1 | Exploits: 0

Packet Storm • added 2026/03/26 12:0 a.m. • 111 views

OpenEMR 8.0.0.2 SQL Injection

OpenEMR version 8.0.0.2 contains a remote SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. CVE-2026-33910 - SQL Injection Vulnerability in...

CVSS 8.8 | AI score 5.9 | EPSS 0.00427 | Exploits: 2

Total number of security vulnerabilities: 50738