Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7588 matches found

Metasploit
Metasploitadded 2026/04/02 7:2 p.m.116 views

HTTPS Fetch, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/meterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.113 views

HTTPS Fetch, Windows shellcode stage, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/https/x86/custom/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.111 views

HTTPS Fetch

Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.115 views

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/dllinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show option...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.113 views

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/dllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show an...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.112 views

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.152 views

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/dllinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.152 views

HTTPS Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/cmd/windows/https/x86/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION ms...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.156 views

HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager (DNS)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns sh...

5.9AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.157 views

HTTPS Fetch, Windows shellcode stage, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

6AI score
Exploits0
Metasploit
Metasploitadded 2026/04/02 7:2 p.m.153 views

HTTPS Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

5.9AI score
Exploits0
OSV
OSVadded 2026/04/02 9:11 a.m.0 views

OPENSUSE-SU-2026:20461-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...

7.5CVSS6AI score0.00928EPSS
Exploits3References4
Tenable Nessus
Tenable Nessusadded 2026/04/01 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-24029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skippe...

6.5CVSS5.8AI score0.00002EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/03/31 11:28 p.m.1 views

SUSE CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.9AI score0.00002EPSS
Exploits0References3
EUVD
EUVDadded 2026/03/31 12:31 p.m.0 views

EUVD-2026-17403

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.9AI score0.00002EPSS
Exploits0References2
OSV
OSVadded 2026/03/31 12:16 p.m.2 views

UBUNTU-CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.8AI score0.00002EPSS
Exploits0References4
CVE
CVEadded 2026/03/31 11:59 a.m.3 views

CVE-2026-24029

CVE-2026-24029 affects a DNS-over-HTTPS frontend using the nghttp2 provider. When the early_acl_drop (earlyACLDrop in Lua) option is disabled, the ACL check is skipped, permitting all clients to issue DoH queries regardless of the configured ACL. The default setting enables early_acl_drop, so the...

6.5CVSS5.9AI score0.00002EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/03/31 11:59 a.m.22 views

CVE-2026-24029 DNS over HTTPS ACL bypass

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS0.00002EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2026/03/31 11:59 a.m.1 views

CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.8AI score0.00002EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/03/31 11:59 a.m.2 views

CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.2AI score0.00002EPSS
Exploits0
Rows per page
Query Builder