2251 matches found
CVE-2026-55466
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...
CVE-2026-55466 Snipe-IT: Stored XSS via inline-served attachment
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...
CVE-2026-55466 Snipe-IT: Stored XSS via inline-served attachment
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...
CVE-2026-55466
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload stageless Module Options msf use payload/linux/multi/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set options... m...
FTP Fetch, Windows x86 Pingback, Reverse TCP Inline
Fetch and execute an x86 payload from an FTP server. Connect back to attacker and report UUID Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...
FTP Fetch, Windows Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an FTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/ftp/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
FTP Fetch, Windows Meterpreter Shell, Bind TCP Inline (x64)
Fetch and execute an x64 payload from an FTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x64/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp set...
FTP Fetch, Windows Command Shell, Reverse TCP Inline
Fetch and execute an x86 payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/windows/ftp/x86/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSLE payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/ftp/mipsle/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sho...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute a x86 payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/ftp/x86/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show optio...
FTP Fetch, Linux Command Shell, Reverse TCP Inline (IPv6)
Fetch and execute a x86 payload from an FTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/ftp/x86/shellreversetcpipv6 msf payloadshellreversetcpipv6 show actions ...actions... msf payloadshellreversetcpipv6 set ACTION msf...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an PPC64 payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/ftp/ppc64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
FTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an PPC64 payload from an FTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/ftp/ppc64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...sh...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an PPC payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/ftp/ppc/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an x64 payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/ftp/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
FTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute a x86 payload from an FTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/ftp/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show an...
CVE-2026-15026
The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...
CVE-2026-59935
A flaw was found in pypdf, a pure-python PDF library. A remote attacker can craft a malicious PDF file containing an unterminated inline image within the page content stream. When this crafted PDF is parsed, it can lead to an infinite loop, resulting in a denial of service DoS due to resource...
CVE-2026-15026
The CVE concerns the WordPress plugin “Import and export users and customers” (versions