425 matches found
Metasploit Wrap-Up 02/27/2026
No Prob-ollama This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE CVE-2024-37032, a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the...
Linux RC4 Packer with In-Memory Execution
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/aarch64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...
Malicious code in ts-packer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...
Malicious Package
Overview ts-packer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-1047 Malicious code in ts-packer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...
GHSA-37CX-329C-33X3 vulnerabilities
Vulnerabilities for packages: nemo, tekton-pipelines-fips, flux-kustomize-controller-fips, dagger, zarf, grype-fips, cloudbeat-fips, chezmoi, grype, pulumi-language-java, xeol, tfsec, timoni, flux-operator, kyverno, grafana-alloy-fips, argocd-image-updater-fips, argo-workflows-fips, trivy,...
CVE-2026-25934 vulnerabilities
Vulnerabilities for packages: nemo, tekton-pipelines-fips, flux-kustomize-controller-fips, dagger, zarf, grype-fips, cloudbeat-fips, chezmoi, grype, pulumi-language-java, xeol, tfsec, timoni, flux-operator, kyverno, grafana-alloy-fips, argocd-image-updater-fips, argo-workflows-fips, trivy,...
AZL-76980 CVE-2025-58190 affecting package packer for versions less than 1.9.5-18
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77064 CVE-2025-58190 affecting package packer 1.9.5-11
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77067 CVE-2025-47911 affecting package packer 1.9.5-11
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76977 CVE-2025-47911 affecting package packer for versions less than 1.9.5-18
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-75476 CVE-2025-11065 affecting package packer 1.9.5-11
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75551 CVE-2025-11065 affecting package packer for versions less than 1.9.5-18
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1887 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)
org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...
CVE-2025-47913 affecting package packer for versions less than 1.9.5-11
CVE-2025-47913 affecting package packer for versions less than 1.9.5-11. A patched version of the package is available...
AZL-70340 CVE-2025-47913 affecting package packer for versions less than 1.9.5-11
SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...
AZL-70325 CVE-2025-47913 affecting package packer for versions less than 1.9.5-16
SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...
GHSA-9GCR-GP5F-JW27 vulnerabilities
Vulnerabilities for packages: knative-operator-fips, beats-fips, smarter-device-manager, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy, prometheus-alertmanager-fips,...
CVE-2025-58188 vulnerabilities
Vulnerabilities for packages: volsync-fips, knative-operator-fips, beats-fips, smarter-device-manager, nodetaint, skopeo-fips, kafkaexporter-fips, logstash-exporter, karpenter, kubernetes-csi-external-attacher, cluster-api-provider-vsphere, vault-secrets-webhook, monstache, kafka-proxy,...