31 matches found
FTP Fetch, Windows Upload/Execute, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module...
FTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an FTP server. Connect back to the attacker with UUID Support Windows x64 Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...
Cloud Foundry BOSH Director 安全漏洞
Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. Versions of Cloud Foundry BOSH Director prior to v282.1.12 contained security vulnerabilities. These vulnerabilities stemmed from AgentClient not performin...
Security Bulletin: TDI is vulnerable to do not reject out of range writes due to uuid-11.1.0 - CVE-2026-41907
Summary portal-tdi, portal-tdl and portal gcm uses carbon data table and this library requires uuid 11.1.0 the same library have this CVE-2026-41907 Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6...
CVE-2026-44379 MISP: Improper UUID validation in MISP Collections
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
PT-2026-40807
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
Improper Memory Buffer Handling
uuid is vulnerable to Improper Memory Buffer Handling. The vulnerability is due to missing validation of buffer size and offset values during UUID generation, which allows an attacker to trigger silent partial writes into caller-provided buffers...
CVE-2026-41907
A flaw was found in uuid. The library's versions v3, v5, and v6 do not adequately check the size of external memory buffers provided by applications. This oversight allows the library to write data beyond the designated buffer limits without signaling an error. Such out-of-bounds writes can lead ...
UBUNTU-CVE-2026-41907
uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...
CVE-2026-41907
uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...
EUVD-2026-25190
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...
CVE-2026-41988
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...
CVE-2026-41988
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...
uuid 安全漏洞
uuid is a JavaScript module developed by UUID, which allows for the generation of RFC-compliant UUIDs in JavaScript. Versions of uuid prior to 14.0.0 contained security vulnerabilities. These vulnerabilities occurred due to the use of an external output buffer, and accidental writes could occur...
0xgasless-mcp (>=1.0.3 <=1.0.5), 0xtrails (>=0.0.0-20251106131028 <=0.15.1) +15772 more potentially affected by CVE-2026-41907 via uuid (>=0.0.1 <=11.1.0)
uuid NPM version =0.0.1, =1.0.3, =0.0.0-20251106131028, =0.1.0, =3.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.11.0, =0.1.1, =0.0.1-251008.90016, =0.3.0 and more Source cves: CVE-2026-41907 Source advisory: OSV:GHSA-W5HQ-G745-H8PQ...
HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/peinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
CVE-2026-23327
In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxlpayloadfromuserallowed cxlpayloadfromuserallowed casts and dereferences the input payload without first verifying its size. When a raw mailbox command is sent with a...
CVE-2026-2366
CVE-2026-2366 – Keycloak Admin API information disclosure : A vulnerability in the Keycloak Admin API allows any authenticated user, even without admin privileges, to enumerate other users’ organization memberships if the attacker knows the victim’s UUID and the Organizations feature is enabled. ...
Fiber 安全特征问题漏洞
Fiber is Fiber open source an open source Web framework written in Go language . Fiber suffers from a security signature issue vulnerability. The vulnerability stems from an error not returned by the UUID function and can be exploited by an attacker to use predictable or low entropy identifiers i...