Lucene search
K

1082 matches found

Metasploit
Metasploit
โ€ขadded 5 days agoโ€ข25 views

FTP Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/ftp/x86/peinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show...

6.2AI score
Exploits0
Metasploit
Metasploit
โ€ขadded 5 days agoโ€ข12 views

FTP Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTIO...

6.2AI score
Exploits0
Metasploit
Metasploit
โ€ขadded 5 days agoโ€ข14 views

FTP Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support

Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...

6.2AI score
Exploits0
Metasploit
Metasploit
โ€ขadded 5 days agoโ€ข15 views

FTP Fetch, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
โ€ขadded 5 days agoโ€ข12 views

FTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager with UUID Support (Linux x86)

Fetch and execute a x86 payload from an FTP server. Spawn a command shell staged. Listen for an IPv6 connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/ftp/x86/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...

6.2AI score
Exploits0
NVD
NVD
โ€ขadded 6 days agoโ€ข7 views

CVE-2026-60095

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...

6.9CVSS0.00463EPSS
Exploits0References3
CVE
CVE
โ€ขadded 6 days agoโ€ข10 views

CVE-2026-60095

Vinchin Backup & Recovery 9.0.0.86562 is affected by a stack buffer overflow in the agentlink_serverโ€™s ModuleHandShake function. The flaw arises from copying an oversized _listen_uuid (measured via strlen) into a fixed-length stack buffer using strcpy(), allowing unauthenticated remote attackers ...

6.9CVSS6.2AI score0.00463EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/07/08 1:16 a.m.โ€ข7 views

CVE-2026-55438

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

6.8CVSS0.00222EPSS
Exploits0References7
EUVD
EUVD
โ€ขadded 2026/07/08 12:31 a.m.โ€ข6 views

EUVD-2026-42151

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

6.8CVSS6AI score0.00222EPSS
Exploits0References7
CVE
CVE
โ€ขadded 2026/07/08 12:31 a.m.โ€ข14 views

CVE-2026-55438

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, subdomain-based proxy would bypass the same-owner CORS check when a workspace-name segment parsed as a UUID. The workspace could be resolved by ID with...

6.8CVSS6AI score0.00222EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/07/08 12:31 a.m.โ€ข6 views

CVE-2026-55438

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

5.8CVSS6AI score0.00222EPSS
Exploits0References8Affected Software1
OSV
OSV
โ€ขadded 2026/07/08 12:31 a.m.โ€ข5 views

CVE-2026-55438 Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

5.8CVSS6AI score0.00222EPSS
Exploits0References9
OSV
OSV
โ€ขadded 2026/07/07 11:57 p.m.โ€ข7 views

CVE-2026-55428 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS6AI score0.00405EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/07/07 9:10 p.m.โ€ข6 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References9Affected Software1
OSV
OSV
โ€ขadded 2026/07/07 4:41 p.m.โ€ข9 views

GO-2026-5918 Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing in github.com/coder/coder

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing in github.com/coder/coder...

6.8CVSS5.9AI score0.00222EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/07/07 4:17 a.m.โ€ข9 views

CVE-2026-34044

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS0.00244EPSS
Exploits0References3
Github Security Blog
Github Security Blog
โ€ขadded 2026/07/06 9:14 p.m.โ€ข6 views

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing

Summary Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the...

6.8CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
OSV
OSV
โ€ขadded 2026/07/06 8:58 p.m.โ€ข5 views

GHSA-WRQ8-FCV5-8HVP Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...

8.2CVSS6AI score0.00405EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 6:44 a.m.โ€ข3 views

Security Bulletin: IBM Quantum Safe Remediator is affected by mutiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID:CVE-2026-39824 DESCRIPTION:...

9.3CVSS6.4AI score0.00492EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2026/07/06 12:0 a.m.โ€ข9 views

PT-2026-56082

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The subdomain-based workspace app proxy allows a bypass of the same-owner Cross-Origin Resource Sharing CO...

5.8CVSS6AI score0.00222EPSS
Exploits0References10
Rows per page
Query Builder