Lucene search
K

425 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/02/27 8:25 p.m.14 views

Metasploit Wrap-Up 02/27/2026

No Prob-ollama This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE CVE-2024-37032, a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the...

9.9CVSS7.3AI score0.89633EPSS
Exploits17
Metasploit
Metasploit
added 2026/02/26 6:59 p.m.243 views

Linux RC4 Packer with In-Memory Execution

This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/aarch64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/26 11:22 a.m.8 views

Malicious code in ts-packer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/02/26 11:22 a.m.5 views

Malicious Package

Overview ts-packer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/02/26 11:22 a.m.2 views

MAL-2026-1047 Malicious code in ts-packer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...

5.9AI score
Exploits0References1
Chainguard
Chainguard
added 2026/02/10 7:17 p.m.7 views

GHSA-37CX-329C-33X3 vulnerabilities

Vulnerabilities for packages: nemo, tekton-pipelines-fips, flux-kustomize-controller-fips, dagger, zarf, grype-fips, cloudbeat-fips, chezmoi, grype, pulumi-language-java, xeol, tfsec, timoni, flux-operator, kyverno, grafana-alloy-fips, argocd-image-updater-fips, argo-workflows-fips, trivy,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/02/10 7:17 p.m.6 views

CVE-2026-25934 vulnerabilities

Vulnerabilities for packages: nemo, tekton-pipelines-fips, flux-kustomize-controller-fips, dagger, zarf, grype-fips, cloudbeat-fips, chezmoi, grype, pulumi-language-java, xeol, tfsec, timoni, flux-operator, kyverno, grafana-alloy-fips, argocd-image-updater-fips, argo-workflows-fips, trivy,...

4.3CVSS6.1AI score0.00136EPSS
Exploits0
OSV
OSV
added 2026/02/05 6:16 p.m.5 views

AZL-76980 CVE-2025-58190 affecting package packer for versions less than 1.9.5-18

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.4AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.10 views

AZL-77064 CVE-2025-58190 affecting package packer 1.9.5-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.9 views

AZL-77067 CVE-2025-47911 affecting package packer 1.9.5-11

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.5 views

AZL-76977 CVE-2025-47911 affecting package packer for versions less than 1.9.5-18

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.8 views

AZL-75476 CVE-2025-11065 affecting package packer 1.9.5-11

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.7 views

AZL-75551 CVE-2025-11065 affecting package packer for versions less than 1.9.5-18

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.3AI score0.00357EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.9 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1887 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

7.5CVSS7.3AI score0.00515EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/11/24 10:21 p.m.6 views

CVE-2025-47913 affecting package packer for versions less than 1.9.5-11

CVE-2025-47913 affecting package packer for versions less than 1.9.5-11. A patched version of the package is available...

7.5CVSS6.5AI score0.00591EPSS
Exploits1
OSV
OSV
added 2025/11/13 10:15 p.m.6 views

AZL-70340 CVE-2025-47913 affecting package packer for versions less than 1.9.5-11

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5CVSS6.7AI score0.00591EPSS
Exploits1References1
OSV
OSV
added 2025/11/13 10:15 p.m.8 views

AZL-70325 CVE-2025-47913 affecting package packer for versions less than 1.9.5-16

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5CVSS6.7AI score0.00591EPSS
Exploits1References1
Chainguard
Chainguard
added 2025/11/02 1:49 p.m.7 views

GHSA-CXQ7-XW9V-RCV3 vulnerabilities

Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2025/11/02 1:49 p.m.6 views

GHSA-9GCR-GP5F-JW27 vulnerabilities

Vulnerabilities for packages: knative-operator-fips, beats-fips, smarter-device-manager, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2025/11/02 1:49 p.m.11 views

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...

7.5CVSS7AI score0.00361EPSS
Exploits0
Rows per page
Query Builder