Lucene search
K
PacketstormnewsRecent

6819 matches found

Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•4 views

The Riskiest Connected Devices of 2025

Since 2020, Forescout Research - Vedere Labs has been monitoring the riskiest devices in organizational networks, leveraging data sourced directly from the devices themselves. This marks their fifth report in six years...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/09 12:0 a.m.•5 views

CrushFTP 10 / 11 Authentication Bypass

This proof of concept will exploit the authentication bypass vulnerability in CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. It will create a new user account with administrative level permissions. It requires the username of an existing user as the target and the default is set to...

9.8CVSS7AI score0.99947EPSS
Exploits22
Packet Storm News
Packet Storm News
•added 2025/04/09 12:0 a.m.•7 views

FASTRPC_ATTR_KEEP_MAP Use-After-Free

A FASTRPCATTRKEEPMAP logic bug allows fastrpcinternalmunmapfd to concurrently free in-use mappings leading to a use-after-free condition...

6.7CVSS7AI score0.00138EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/08 12:0 a.m.•9 views

WordPress Bricks Builder 1.9.6 Remote Code Execution

WordPress Bricks Builder plugin versions 1.9.6 and below unauthenticated remote code execution exploit...

10CVSS8.3AI score0.88234EPSS
Exploits18
Packet Storm News
Packet Storm News
•added 2025/04/08 12:0 a.m.•7 views

WordPress Motors 1.4.64 Arbitrary Plugin Installation

WordPress Motors plugin versions 1.4.64 and below suffer from an arbitrary plugin installation vulnerability...

8.8CVSS7.1AI score0.00836EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/04/07 12:0 a.m.•10 views

Next.js Middleware 15.2.2 Authorization Bypass

Next.js Middleware authorization bypass proof of concept exploit. Versions affected include 13.0.0 through 13.5.8, 14.0.0 through 14.2.24, 15.0.0 through 15.2.2, and 11.1.4 through 12.3...

9.1CVSS7AI score0.99301EPSS
Exploits58
Packet Storm News
Packet Storm News
•added 2025/04/07 12:0 a.m.•5 views

OpenSCAP Libraries 1.3.12

The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/07 12:0 a.m.•8 views

AIDE 0.19

AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/04 12:0 a.m.•12 views

WordPress RomethemeKit for Elementor 1.5.4 Arbitrary Plugin Installation

WordPress RomethemeKit For Elementor plugin versions 1.5.4 and below suffer from an authenticated arbitrary plugin installation and activation vulnerability that can lead to remote code execution...

9.9CVSS8AI score0.01823EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/04/04 12:0 a.m.•5 views

Firefox xslt/txNodeSorter Out-Of-Bounds Access

An inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access in Firefox...

8.1CVSS8.8AI score0.00391EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•4 views

Apple Security Advisory 03-31-2025-2

Apple Security Advisory 03-31-2025-2 - Xcode 16.3 addresses issues where a malicious app could access private information or overwrite arbitrary files...

5.5CVSS6.7AI score0.00248EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-5

Apple Security Advisory 03-31-2025-5 - iOS 16.7.11 and iPadOS 16.7.11 addresses an out of bounds write vulnerability...

8.8CVSS6.7AI score0.04371EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-6

Apple Security Advisory 03-31-2025-6 - iOS 15.8.4 and iPadOS 15.8.4 addresses an out of bounds write vulnerabilities...

8.8CVSS6.9AI score0.04371EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•6 views

Apple Security Advisory 03-31-2025-8

Apple Security Advisory 03-31-2025-8 - macOS Sonoma 14.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.18668EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-9

Apple Security Advisory 03-31-2025-9 - macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.18668EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•15 views

Apple Security Advisory 03-31-2025-4

Apple Security Advisory 03-31-2025-4 - iPadOS 17.7.6 addresses buffer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.18668EPSS
Exploits12
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•2 views

Apple Security Advisory 03-31-2025-10

Apple Security Advisory 03-31-2025-10 - tvOS 18.4 addresses buffer overflow, out of bounds read, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•5 views

Apple Security Advisory 03-31-2025-11

Apple Security Advisory 03-31-2025-11 - visionOS 2.4 addresses buffer overflow, bypass, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 04-01-2025-1

Apple Security Advisory 04-01-2025-1 - watchOS 11.4 addresses buffer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•1 views

Apple Security Advisory 03-31-2025-1

Apple Security Advisory 03-31-2025-1 - Safari 18.4 addresses buffer overflow, cross site scripting, spoofing, and use-after-free vulnerabilities...

9.8CVSS6.8AI score0.00961EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•5 views

Apple Security Advisory 03-31-2025-3

Apple Security Advisory 03-31-2025-3 - iOS 18.4 and iPadOS 18.4 addresses buffer overflow, bypass, cross site scripting, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS6.7AI score0.0197EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•93 views

Apple Security Advisory 03-31-2025-7

Apple Security Advisory 03-31-2025-7 - macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.02527EPSS
Exploits9
Packet Storm News
Packet Storm News
•added 2025/04/02 12:0 a.m.•2 views

Wazuh 4.11.2

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/02 12:0 a.m.•12 views

WordPress Front-End Users 3.2.32 Shell Upload

WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.20411EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2025/04/01 12:0 a.m.•3 views

Advanced XSS Exploitation - Capturing User Local Storage Data

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to capture data from the client's local storage and send it to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilia...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•12 views

WordPress Newscrunch Theme 1.8.4.1 Shell Upload

WordPress Newscrunch theme version 1.8.4.1 suffers from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.01977EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•9 views

WordPress SoJ SoundSlides 1.2.2 Shell Upload

WordPress SoJ SoundSlides plugin versions 1.2.2 and below suffer from a remote shell upload vulnerability...

8.8CVSS7.2AI score0.00688EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•7 views

Packet Storm New Exploits for March, 2025

This archive contains all of the 223 exploits added to Packet Storm in March, 2025...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•9 views

WordPress Datasets Manager 1.5 Shell Upload

WordPress Datasets Manager plugin versions 1.5 and below suffer from a remote shell upload vulnerability...

10CVSS7.2AI score0.0135EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•6 views

WordPress Verbalize WP 1.0 Shell Upload

WordPress Verbalize WP plugin versions 1.0 and below suffer from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.00443EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•3 views

Advanced XSS Exploitation - How to Record User Audio

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to record client audio conversations and send them to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilian...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•6 views

Advanced XSS Exploitation - User Screenshot

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to take screenshots of the client's screen and send them to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilian...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•10 views

WordPress Newscrunch Theme 1.8.4.1 Cross Site Request Forgery

WordPress Newscrunch theme version 1.8.4 suffers from a cross site request forgery vulnerability...

8.8CVSS6.7AI score0.00491EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•11 views

WordPress Checkout Mestres do WP for WooCommerce 8.7.5 Missing Authentication

WordPress Checkout Mestres do WP for WooCommerce plugin versions 8.6.5 through 8.7.5 suffer from a missing authentication vulnerability that allows you to update options...

9.8CVSS7AI score0.00678EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•8 views

WordPress the Novel Design Store Directory 4.3.0 Shell Upload

WordPress The Novel Design Store Directory plugin versions 4.3.0 and below suffer from a remote shell upload vulnerability...

10CVSS7.2AI score0.01457EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•7 views

Advanced XSS Exploitation - How to Create Keylogger and Get Password

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to create keyloggers and send the content typed by the client to an external server, where the attacker will have access to messages, passwords, etc. The paper is primarily focusing on a...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•12 views

WordPress WPC Smart Upsell Funnel for WooCommerce 3.0.4 Privilege Escalation

A missing authorization vulnerability in the WPC Smart Upsell Funnel for WooCommerce plugin versions through 3.0.4 allows authenticated users with minimal privileges e.g., subscriber to escalate their privileges by modifying arbitrary WordPress options via a vulnerable AJAX endpoint...

8.8CVSS7AI score0.00596EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•11 views

WordPress Kubio AI Page Builder 2.5.1 Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to a local file inclusion vulnerability in all versions up to, and including, 2.5.1 via the kubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...

9.8CVSS6.9AI score0.76761EPSS
Exploits12
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•4 views

Horde IMP 6.2.27 Cross Site Scripting / Account Takeover

Proof of concept exploit that demonstrates a cross site scripting vulnerability in Horde IMP versions 6.2.27 and below...

7.2CVSS6.3AI score0.30164EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/27 12:0 a.m.•4 views

Advanced XSS Exploitation - How to Capture Session Cookies

In this paper, the author teaches advanced cross site scripting techniques that can be used to capture user session cookies and send them to an external server. Although this paper primarily focuses on attack methodology, it also touches on cross site scripting mitigations. Written in Brazilian...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/27 12:0 a.m.•6 views

TeamViewer Improper Signature Verification

Proof of concept code for a flaw in TeamViewer that enables an unprivileged user to load an arbitrary kernel driver into the system. This is a python implementation of the original exploit produced by Peter Gabaldon...

8.8CVSS7.1AI score0.00412EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/03/27 12:0 a.m.•6 views

IngressNightmare Proof of Concepts

This is an archive of IngressNightmare proof of concept exploits meant to help researchers understand the exploitation and vulnerability prerequisites. IngressNightmare is a series of unauthenticated remote code execution vulnerabilities in ingress NGINX controllers for Kubernetes...

9.8CVSS8.3AI score0.99098EPSS
Exploits21
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•7 views

Next.js Authorization Bypass

Proof of concept exploit for a critical security vulnerability affecting Next.js, a popular React framework for building full-stack web applications. This flaw allows attackers to bypass authorization checks implemented in Next.js middleware, potentially granting unauthorized access to sensitive...

9.1CVSS6.8AI score0.99301EPSS
Exploits58
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•4 views

Buffer Overflow - How to Create an Exploit for a Web Server

In this paper, the author demonstrates how to identify a vanilla buffer overflow and how to create an exploit in Perl to exploit a vulnerability in the well-known web server MiniHttp. Written in Brazilian Portuguese...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•10 views

WordPress SEO LAT Auto Post 2.2.1 Remote Code Execution

WordPress SEO LAT Auto Post plugin versions 2.2.1 and below suffer from a remote code execution vulnerability...

9.8CVSS8.2AI score0.03171EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•6 views

Microsoft Windows Runtime Broker ClipboardBroker Privilege Escalation

The Runtime Broker’s Clipboard Broker allows any low IL/AppContainer such as Edge or IE EPM to get access to an OOP IStorage object through the ClipboardBroker leading to a sandbox escape...

5.5CVSS7AI score0.13975EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•2 views

Zed Attack Proxy 2.16.1 Cross Platform Package

The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•15 views

WordPress ScottCart 1.1 Remote Code Execution

WordPress ScottCart plugin versions 1.1 and below suffer from a remote code execution vulnerability...

9.8CVSS8.2AI score0.0135EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•6 views

How to Create a Scan in Perl to Identify Vulnerable Telnet Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable telnet servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•4 views

How to Create a Scan in Perl to Identify Vulnerable SSH Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable SSH servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Total number of security vulnerabilities6819