HTTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline

Fetch and execute an x86 payload from an HTTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x86/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...

HTTPS Fetch, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/peinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...sho...

HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show...

HTTP Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/dllinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...

HTTP Fetch, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

HTTP Fetch, Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...

HTTP Fetch, Windows shellcode stage, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf...

CVE-2026-34119 Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

SUSE-SU-2026:1174-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. - CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429...

SUSE CVE-2026-5273

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

USN-8144-1 undertow vulnerability

It was discovered that Undertow incorrectly validated the Host header in incoming HTTP requests. A remote attacker could possibly use this issue to gain unintended access to user sessions...

PT-2026-29897

Name of the Vulnerable Software and Affected Versions cveInterface.js affected versions not specified Description A cross-site scripting XSS issue exists in cveInterface.js. The component trusts input received from CVE API services, allowing injected HTML to be displayed. Recommendations At the...

PT-2026-33152

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description An out of bounds write in the GPU allows a remote attacker who has compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. An out of bounds write...

Belden Hirschmann HiEOS LRS11 安全漏洞

Belden Hirschmann HiEOS LRS11 is an industrial Ethernet switch operating system platform developed by the American company Belden. Versions of Belden Hirschmann HiEOS LRS11 prior to 01.1.00 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of authentication ...

PT-2026-38110

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in Fullscreen on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use...

PT-2026-38113

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use after free is a...

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to inject HTML into new CA...

CVE-2025-66486 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

EUVD-2026-18027

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost

The Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...