Lucene search
K

10 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/06/19 5:8 p.m.6 views

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlmrelay2self module coerces the local machine account to authenticate via...

10CVSS6.8AI score0.01972EPSS
Exploits11
RedhatCVE
RedhatCVE
added 2026/04/25 1:22 a.m.12 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS5.8AI score0.03575EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.9 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References1
NVD
NVD
added 2026/04/22 7:17 p.m.6 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS0.03575EPSS
Exploits1References8
CVE
CVE
added 2026/04/22 6:33 p.m.14 views

CVE-2026-34413

Xerte Online Toolkits 3.15 and earlier suffer a missing authentication vulnerability in the elFinder connector endpoint /editor/elfinder/php/connector.php. An HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request se...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:33 p.m.3 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS6AI score0.03575EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:32 p.m.5 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.3AI score0.02826EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34535

Name of the Vulnerable Software and Affected Versions Xerte Online Toolkits versions 3.15 and earlier Description A missing authentication issue exists in the elFinder connector endpoint '/editor/elfinder/php/connector.php'. An HTTP redirect to unauthenticated callers fails to call exit or die,...

8.8CVSS6.7AI score0.02804EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32985

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass...

9.8CVSS6.2AI score0.01479EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:6 a.m.4 views

CVE-2026-32985

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass...

9.8CVSS6.2AI score0.01479EPSS
Exploits2References3
Rows per page
Query Builder