3832 matches found
CVE-2026-49969
Vulnerability overview: Laravel-Mediable
Astro Cloudflare Adapter - Server Side Request Forgery
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
Malicious code in chat-adapter-zoom (npm)
The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...
MAL-2026-10228 Malicious code in chat-adapter-zoom (npm)
The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...
CVE-2026-61448 Parse Server 9.0.0 Stored XSS via malformed Content-Type
Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...
FTP Fetch, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an FTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/ftp/x86/patchupmeterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
FTP Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an FTP server. Use an established connection Module Options msf use payload/cmd/windows/ftp/x86/patchupdllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
FTP Fetch, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from an FTP server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
FTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x64/vncinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...
FTP Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an FTP server. Use an established connection Module Options msf use payload/cmd/windows/ftp/x86/dllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
FTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/dllinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and se...
FTP Fetch, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an FTP server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/patchupdllinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid sho...
FTP Fetch, Windows Meterpreter Service, Bind TCP
Fetch and execute an x86 payload from an FTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/windows/ftp/x86/metsvcbindtcp msf payloadmetsvcbindtcp show actions ...actions... msf payloadmetsvcbindtcp set ACTION msf payloadmetsvcbindtcp show optio...
FTP Fetch
Fetch and execute a x86 payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and set...
FTP Fetch
Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and set...
HTTPS Fetch
Fetch and execute a script to determine the host arch and execute a payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/multi/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf...
FTP Fetch
Fetch and execute an ARMBE payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/armbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...
EUVD-2026-42764
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...
CVE-2026-15311
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...
EUVD-2026-34013
Tesla vulnerable to atom exhaustion via untrusted URL scheme...