HTTP Fetch, Linux Reboot

Fetch and execute an RISC-V 64-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv64le/reboot msf...

TFTP Fetch, Linux Reboot

Fetch and execute an RISC-V 64-bit payload from a TFTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/tftp/riscv64le/reboot msf...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

PT-2026-1334

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2025.1.6 Spinnaker versions prior to 2025.2.3 Spinnaker versions prior to 2025.3.0 Description Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...

CVE-2025-15414

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...

CVE-2025-15414

The CVE-2025-15414 issue affects go-sonic up to version 1.1.4, specifically the FetchTheme function in service/theme/git_fetcher.go of the Theme Fetching API. The root cause is manipulation of the uri argument that enables server-side request forgery (SSRF), with the attack potentially executable...

CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...

Sonic 代码问题漏洞

Sonic is a go-sonic open source high performance blogging system developed using golang. A code issue vulnerability exists in Sonic 1.1.4 and earlier versions, which stems from the incorrect operation of the parameter uri in the FetchTheme function in the Theme Fetching API component file...

CVE-2022-50799 Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the...

CVE-2022-50799 Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the...

CVE-2022-50799

CVE-2022-50799 affects Fetch FTP Client 5.8.2. The vulnerability is a denial-of-service caused by processing long FTP server responses (>2 KB) that can drive 100% CPU usage and potentially crash the application. Multiple connected sources corroborate the issue and describe the impact as networ...

Fetch 安全漏洞

Fetch is an FTP file transfer client from Fetch USA. A security vulnerability exists in Fetch version 5.8.2, which stems from consuming 100% CPU while processing an extremely long server response, which may result in a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992228 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in xfrmpolicycheck The issue happens on an error path in xfrmpolicycheck...

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fetchWithRetry method. The issue results from the...

PT-2025-53840

Name of the Vulnerable Software and Affected Versions Framelink Figma MCP Server affected versions not specified Description This issue allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server without requiring authentication. The flaw resides with...

CVE-2025-12491

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

UBUNTU-CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

CVE-2025-12491

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

Senstar Symphony 信息泄露漏洞

Senstar Symphony is an intelligent video management software from Senstar Canada. An information disclosure vulnerability exists in Senstar Symphony that stems from an improper implementation of the FetchStoredLicense method leading to an information disclosure that could reveal sensitive...

PT-2025-51766

Name of the Vulnerable Software and Affected Versions Ctera Portal versions 8.1.x 8.1.1417.24 Description A Server-Side Request Forgery SSRF issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...