Lucene search
K

50 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/06/26 7:32 p.m.8 views

Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more

Help shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of...

10CVSS7.3AI score0.99301EPSS
Exploits69
Metasploit
Metasploit
added 2026/06/25 7:5 p.m.185 views

Dalfox Found-Action Deserialization RCE

When dalfox version use exploit/linux/http/dalfoxserverrcecve202645087 msf exploitdalfoxserverrcecve202645087 show targets ...targets... msf exploitdalfoxserverrcecve202645087 set TARGET msf exploitdalfoxserverrcecve202645087 show options ...show and set options... msf...

10CVSS6.2AI score0.01051EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS5.6AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS5.7AI score0.01051EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-45089

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...

8.2CVSS5.5AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.11 views

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.24 views

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

7.5CVSS0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 6:16 p.m.25 views

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS0.01051EPSS
Exploits2References2
NVD
NVD
added 2026/05/27 6:16 p.m.19 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 6:16 p.m.17 views

CVE-2026-45089

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...

8.2CVSS0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:35 p.m.43 views

CVE-2026-45088 Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:35 p.m.10 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 5:35 p.m.11 views

CVE-2026-45088 Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:35 p.m.13 views

EUVD-2026-32616

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:35 p.m.18 views

CVE-2026-45088

CVE-2026-45088 affects Dalfox when run in REST API server mode prior to version 2.13.0. The custom-payload-file field in model.Options is JSON-tagged and deserialized from the attacker’s request body, then propagated into the scan engine and passed to voltFile.ReadLinesOrLiteral. Each line of the...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 5:35 p.m.5 views

CVE-2026-45088 Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS6.1AI score0.00251EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 5:34 p.m.3 views

CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS6.2AI score0.01051EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/05/27 5:34 p.m.46 views

CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS0.01051EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:34 p.m.11 views

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS6AI score0.01051EPSS
Exploits2References4Affected Software1
EUVD
EUVD
added 2026/05/27 5:34 p.m.13 views

EUVD-2026-32615

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS6AI score0.01051EPSS
Exploits2References2
Rows per page
Query Builder