HTTPS Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show option...

HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/custom/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...

HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/custom/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...

CVE-2026-34742 Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

CVE-2026-34425

OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in the shell-bleed protection. The bypass lets attackers craft piped, subshell, or command-substitution forms that the parser fails to recognize, enabling execution of blocked script content that would otherwise be bl...

CVE-2026-34728 phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...

keycloak: Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

CVE-2026-4636 Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

CVE-2026-4636

Keycloak vulnerability CVE-2026-4636: An authenticated user with the uma_protection role can bypass UMA policy validation, allowing inclusion of resource identifiers owned by other users in a policy creation request. This can grant unauthorized permissions to victim-owned resources, enabling retr...

Qilin EDR killer infection chain

Endpoint detection and response EDR tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. Disabling telemetry collection process, memory, network activity limits what defenders can see and analyze. As defenders...

CVE-2026-1540 Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

Yokogawa CENTUM VP

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

PT-2026-29868

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to commit 8aceaf5 Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in shell-bleed protection. This allows attackers to execute blocked script content by using piped or complex...

PT-2026-29893

🚨CVE CVE-2026-35000 https://t.co/x6IcOzWR1x versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary l… https://t.co/qyCAYVmz24 ----- Traducción: CVE-2026-3500… https://t.co/utmtNgl3sv...

WordPress plugin Spam Protect for Contact Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from verified users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...

MCP Go SDK 安全漏洞

MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of MCP Go SDK prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the default lack of DNS rebinding protection, allowing malicious websites to bypass the same-origin policy...