TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an RISC-V 32-bit payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...

HTTP Fetch, Linux Execute Command

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/http/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec r...

HTTPS Fetch, Linux Chmod

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

UBUNTU-CVE-2025-68764

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...

CVE-2025-68764

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...

CVE-2025-67705

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVE-2025-67709

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVE-2025-14986

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

PT-2025-54419

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...

CVE-2025-15113

Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...

Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

EUVD-2025-205854

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when the frontend.enableExecuteMultiOperation is enabled. An attacker can circumvent namespace-specific validation and feature gates by setting the embedded StartWorkflowExecutionRequest's namespace field to a...

CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992185 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the...

MAL-2025-192951 Malicious code in ugc-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd0991cb1cc7098930838b404210022aa2667d78f2884417f449d85e90fb12 The package ugc-kit was found to contain malicious code. Source: ghsa-malware 4e44ecda4e96910709480e50046146e482992e36fb2e8429211e1f653376d123 Any...

Malicious code in telebot-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae13454f920b5cce1011546e4802ed263ce8218d4b484ef8471142abb42c3f3e The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

ROS-20251226-7304

Vulnerability in openvpn due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...