102 matches found

Rapid7 Blog
added 6 days ago, 14 views

Metasploit Wrap Up 05/29/2026

More Linux LPEs: Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a...

9.8 CVSS, 8 AI score, 0.89787 EPSS
Exploits 52

GithubExploit
added 2026/04/01 7:53 p.m., 96 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2026-3055 NetScaler SAML IdP check Python helper to probe...

9.8 CVSS, 7.2 AI score, 0.89787 EPSS
Exploits 7

GithubExploit
added 2026/03/31 4:23 p.m., 100 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

🔍 CVE-2026-3055 Scanner - NetScaler Memory Overread Detection...

9.8 CVSS, 5.8 AI score, 0.89787 EPSS
Exploits 7

CISA
added 2026/03/30 12:0 p.m., 7 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and...

9.8 CVSS, 7.1 AI score, 0.89787 EPSS
In wild, Exploits 7, References 6

CVE
added 2026/03/23 8:21 p.m., 50 views

CVE-2026-3055

CVE-2026-3055 affects Citrix NetScaler ADC/NetScaler Gateway when configured as a SAML IDP, causing a memory overread due to insufficient input validation. Affected versions per Nessus plugin: NetScaler ADC/Gateway 14.1 prior to 14.1-66.59; 13.1 prior to 13.1-62.23; and 13.1-FIPS/NDcPP prior to 1...

9.8 CVSS, 5.8 AI score, 0.89787 EPSS
In wild, Exploits 7, References 3, Affected Software 1

Circl
added 2026/03/23 10:5 a.m., 8 views

CVE-2026-3055

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-23 10:05:10+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-05 |
| 2026-03-23 14:31:13+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/citrix-security-advisory-av26-267 |
| 2026-03-23 14:35:26+00:00 | seen | ... |

9.8 CVSS, 7.5 AI score, 0.89787 EPSS
In wild, Exploits 7, References 192

Tenable Nessus
added 2025/11/05 12:0 a.m., 4 views

Amazon Linux 2 : unbound, --advisory ALAS2-2025-3055 (ALAS-2025-3055)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3055 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-3055

Malware in sbrugna...

10 CVSS, 9.3 AI score, 0.00854 EPSS
Exploits 0, References 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-3055

Malware in sbrugna...

8.8 CVSS, 5.6 AI score, 0.00102 EPSS
Exploits 0, References 3

NVD
added 2025/06/05 6:15 a.m., 7 views

CVE-2025-3055

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1 CVSS, 0.05635 EPSS
Exploits 0, References 2

Circl
added 2025/06/05 6:1 a.m., 8 views

CVE-2025-3055

| creationtimestamp | type | source |
|---|---|---|
| 2025-06-05 06:01:27+00:00 | published-proof-of-concept | Telegram/uHWvAuvUwozE9xqR-TnjEBub-qWhHMqFHErXUgC3HaO00ME |
| 2025-06-05 06:49:02+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqtq2zf25mv2... |

8.1 CVSS, 4.8 AI score, 0.05635 EPSS
Exploits 0, References 2

Cvelist
added 2025/06/05 5:23 a.m., 15 views

CVE-2025-3055 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1 CVSS, 0.05635 EPSS
Exploits 0, References 2

CVE
added 2025/06/05 5:23 a.m., 55 views

CVE-2025-3055

The CVE concerns the WordPress plugin WP User Frontend Pro (

8.1 CVSS, 8.4 AI score, 0.05635 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/06/05 5:23 a.m., 5 views

CVE-2025-3055 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1 CVSS, 8.3 AI score, 0.05635 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/08/29 12:0 a.m., 14 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-setuptools (SUSE-SU-2024:3055-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3055-1 advisory. - CVE-2024-6345: Fixed code execution via download functions in the packageindex module bsc1228105 Tenabl...

8.8 CVSS, 7.3 AI score, 0.07521 EPSS
Exploits 0, References 4

NVD
added 2024/05/14 3:39 p.m., 11 views

CVE-2024-3055

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

8.8 CVSS, 8.8 AI score, 0.00418 EPSS
Exploits 0, References 3

Vulnrichment
added 2024/05/10 9:32 p.m., 14 views

CVE-2024-3055 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

8.8 CVSS, 7.6 AI score, 0.00418 EPSS
Exploits 0, References 3

CVE
added 2024/05/10 9:32 p.m., 39 views

CVE-2024-3055

CVE-2024-3055 affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress. Time-based SQL Injection in the id parameter exists in all versions up to 1.5.102 due to insufficient escaping and lack of prepared SQL in the query. Authenticated attackers with contributor ac...

8.8 CVSS, 9 AI score, 0.00418 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2024/05/10 9:32 p.m., 11 views

CVE-2024-3055 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

8.8 CVSS, 8.9 AI score, 0.00418 EPSS
Exploits 0, References 3

Patchstack
added 2024/05/10 12:0 a.m., 17 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection

Software: Unlimited Elements For Elementor Free Widgets, Addons, Templates
Type: Plugin
Vulnerable versions: = 1.5.102
Fixed in: 1.5.105
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2024-3055
Patch priority: Low
CVSS severity: Low 8.5
Developer: Unlimited Elements
PSID: 6f752cde8e3d...

8.8 CVSS, 6.8 AI score, 0.00418 EPSS
Exploits 0, References 3, Affected Software 1