103143 matches found
CVE-2025-66485
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
PT-2026-30014
Name of the Vulnerable Software and Affected Versions: Ech0 versions prior to 4.2.8. Description: Ech0, a self-hosted publishing platform, has an unsafe link preview feature. The GET /api/website/title endpoint is unauthenticated and accepts attacker-controlled URLs. It performs a server-side GET...
Security update for osslsigncode (critical)
openSUSE Security Update: Security update for osslsigncode. Announcement ID: openSUSE-SU-2026:0116-1. Rating: critical. References: 1260680. Cross-References: CVE-2025-70888. Affected Products: openSUSE Backports SLE-15-SP7. An update that fixes one vulnerability is now available. Description: This...
SUSE CVE-2026-34475
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...
EUVD-2024-55533
Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication handling to obtain elevated...
GHSA-Q2WW-5357-X388 Rack has Content-Length mismatch in Rack::Files error responses
Summary: Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...
CVE-2024-14034
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...
CVE-2024-14034
CVE-2024-14034 affects Hirschmann HiEOS devices, featuring an authentication bypass in the HTTP(S) management module. The root cause is improper authentication handling that allows unauthenticated remote attackers to gain administrative access. Impact per sources includes the ability to perform u...
CVE-2024-14034 Hirschmann HiEOS Authentication Bypass via HTTP Management Module
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...
HTTPS Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Use an established connection Module Options msf use payload/cmd/windows/https/x86/vncinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
HTTPS Fetch, Windows Reverse HTTP Stager (wininet)
Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/https/x86/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...
HTTPS Fetch, Windows x86 Pingback, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/https/x86/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...
HTTPS Fetch, Windows Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/https/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
HTTPS Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Use an established connection Module Options msf use payload/cmd/windows/https/x86/peinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
HTTPS Fetch, Windows Upload/Execute, Reverse UDP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/upexec/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION...
HTTPS Fetch, Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...
HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...