Lucene search
K

1267 matches found

Metasploit
Metasploit
added 4 days ago15 views

FTP Fetch, Windows shellcode stage, Reverse HTTP Stager Proxy

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/ftp/x86/custom/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION ms...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59999

A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...

7.5CVSS6AI score0.0014EPSS
Exploits0References6
OSV
OSV
added 6 days ago4 views

DEBIAN-CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS5.9AI score0.0014EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/04 1:7 a.m.56 views

[SECURITY] Fedora 43 Update: openvpn-2.6.21-1.fc43

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

6AI score
Exploits0
Cvelist
Cvelist
added 2026/06/29 11:30 a.m.33 views

CVE-2026-13563 Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS0.00445EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 11:30 a.m.7 views

CVE-2026-13563

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00445EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/26 7:17 p.m.4 views

GHSA-CG7W-RG45-PC59 pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

Summary When an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 2:16 a.m.12 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS0.00437EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53262

CVE-2026-53262 affects the Linux kernel ioctl path for the pppol2tp module (l2tp) where pppol2tp_ioctl() dereferenced sock->sk->sk_user_data without proper locking while a sleep could occur during copy_from_user(). If a concurrent socket close happened, l2tp_session_close() could free the s...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53262 l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: avoided a data race in l2tptunneldelwork We should only access sk-sksocket when dealing with kernel sockets. syzbot reported the following data race: BUG: KCSAN: data race in l2tptunneldelwork / skcommonrelease Task 5365...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tpudpencaprecv. syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. 0 The cited commit moved down the validation of the protocol version in l2tpudpencaprecv. The new place requires an extr...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/15 6:6 p.m.15 views

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

9.8CVSS5.2AI score0.00563EPSS
Exploits0
OSV
OSV
added 2026/06/12 3:4 p.m.8 views

GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

8.5CVSS5.6AI score0.00038EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:14 a.m.13 views

SUSE-SU-2026:2383-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks...

9.8CVSS5.1AI score0.00563EPSS
Exploits16References27
OSV
OSV
added 2026/06/10 8:41 a.m.5 views

SUSE-SU-2026:2332-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc1263790. - CVE-2026-43037: ip6tunnel: clear skb2-cb in ip4ip6err bsc1263995. - CVE-2026-43206:...

9.8CVSS5.6AI score0.00563EPSS
Exploits16References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.15 views

Malicious code in checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

5.3AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.8 views

CVE-2026-33892

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

7.1CVSS5.5AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 6:6 p.m.12 views

EUVD-2026-34878

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

9CVSS5.5AI score0.00294EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/05 6:0 p.m.10 views

CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...

9.8CVSS5.5AI score0.01729EPSS
Exploits1References2
Rows per page
Query Builder