Lucene search
K

1502987 matches found

Rapid7 Blog
Rapid7 Blog
added yesterday3 views

Weekly Metasploit Update: Modules for SMB-to-Meterpreter, Peyara Remote Mouse RCE exploit, and more

It's Time to Upgrade Your SMB Session This week, Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module. It uses PsExec to facilitate the upgrade. Users can load the module with use windows/manage/smbtometerpreter and specify the session number they wish to...

6AI score
Exploits0
Debian
Debian
added yesterday2 views

[SECURITY] [DLA 4667-1] nginx security update

Debian LTS Advisory DLA-4667-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara July 03, 2026 https://wiki.debian.org/LTS Package : nginx Version : 1.22.1-9+deb12u9 CVE ID : CVE-2026-42055 CVE-2026-48142 Debian Bug : 1140359 1140361 Multiple...

9.2CVSS6.5AI score0.02838EPSS
Exploits1
GithubExploit
GithubExploit
added yesterday20 views

cvss-exploit-evaluator

CVSS & Exploit Evaluator A professional Claude Skill...

10CVSS7.6AI score0.99999EPSS
Exploits349
Debian CVE
Debian CVE
added yesterday5 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score
Exploits0
The Hacker News
The Hacker News
added yesterday2 views

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras,...

7.6CVSS6AI score0.00232EPSS
Exploits8
GithubExploit
GithubExploit
added yesterday30 views

Metasploit

Metasploit Research Structured documentation of my Metasploit...

6AI score
Exploits0
The Hacker News
The Hacker News
added yesterday4 views

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll CVE-2026-46242 lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's mos...

7.8CVSS6.6AI score0.00123EPSS
Exploits0
Debian
Debian
added yesterday2 views

[SECURITY] [DLA 4665-1] linux security update

Debian LTS Advisory DLA-4665-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings July 03, 2026 https://wiki.debian.org/LTS Package : linux Version : 6.1.176-1 CVE ID : CVE-2023-53292 CVE-2023-53989 CVE-2023-54125 CVE-2023-54271 CVE-2023-54322 CVE-2024-27012...

9.8CVSS6AI score0.00737EPSS
Exploits16
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-14604

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The...

6.5CVSS6.3AI score
Exploits0
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58379

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.7AI score
Exploits0
Debian
Debian
added yesterday3 views

[SECURITY] [DLA 4664-1] linux security update

Debian LTS Advisory DLA-4664-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings July 03, 2026 https://wiki.debian.org/LTS Package : linux Version : 5.10.259-1 CVE ID : CVE-2021-47188 CVE-2021-47211 CVE-2022-48703 CVE-2022-49135 CVE-2022-49158 CVE-2022-49183...

9.8CVSS6.7AI score0.00737EPSS
Exploits5
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score
Exploits0
Nuclei
Nuclei
added yesterday25 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS6.2AI score0.03395EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday17 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6AI score0.00773EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday41 views

Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal

A directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...

7.8CVSS6.1AI score0.26393EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday69 views

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...

8.1CVSS7.3AI score0.88559EPSS
Exploits22References4
Nuclei
Nuclei
added yesterday72 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.5AI score0.83284EPSS
Exploits24References5
Nuclei
Nuclei
added yesterday12 views

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...

9.8CVSS7.4AI score0.0955EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday42 views

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

6.5CVSS6.5AI score0.1956EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday399 views

MantisBT <=2.30 - Arbitrary Password Reset/Admin Access

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php. id: CVE-2017-7615 THIS TEMPLATE IS ONLY FOR DETECTING To carry out further attacks, please see reference2 below. This template works by guessing user ID. MantisBT...

8.8CVSS7.3AI score0.90856EPSS
Exploits10
Rows per page
Query Builder