metasploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSF:PAYLOAD-CMD-	TFTP Fetch, Linux Execute Command_MSF:PAYLOAD-CMD-LINUX-TFTP-RISCV32LE-EXEC- Fetch and execute an RISC-V 32-bit payload from a TFTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/tftp/riscv32le...	N/A	N/A	Jan 5, 2026	METASPLOIT
NONE	MSF:PAYLOAD-LINUX-	Linux Command Shell, Bind TCP Inline_MSF:PAYLOAD-LINUX-RISCV32LE-SHELL_BIND_TCP- Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...	N/A	N/A	Jan 5, 2026	METASPLOIT
NONE	MSF:PAYLOAD-LINUX-	Linux Command Shell, Bind TCP Inline_MSF:PAYLOAD-LINUX-RISCV64LE-SHELL_BIND_TCP- Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...	N/A	N/A	Jan 5, 2026	METASPLOIT
CRITICAL 9.8	MSF:AUXILIARY-GATHER-	GeoServer WMS GetMap XXE Arbitrary File Read_MSF:AUXILIARY-GATHER-GEOSERVER_WMS_GETMAP_XXE_FILE_READ- This module exploits an XML External Entity XXE vulnerability in GeoServer via the WMS GetMap operation. The vulnerability allows reading arbitrary...	N/A	N/A	Dec 30, 2025	METASPLOIT
HIGH 8.7	MSF:AUXILIARY-SCANNER-	MongoDB Memory Disclosure (CVE-2025-14847) – Mongobleed_MSF:AUXILIARY-SCANNER-MONGODB-CVE_2025_14847_MONGOBLEED- This module exploits a memory disclosure vulnerability in MongoDB's zlib decompression handling CVE-2025-14847. By sending crafted OPCOMPRESSED mes...	N/A	N/A	Dec 30, 2025	METASPLOIT
CRITICAL 10	MSF:EXPLOIT-LINUX-	HPE OneView unauthenticated RCE_MSF:EXPLOIT-LINUX-HTTP-HPE_ONEVIEW_RCE- This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise HPE OneView. All versions below 11.00...	N/A	N/A	Dec 20, 2025	METASPLOIT
NONE	MSF:EXPLOIT-WINDOWS-	Assistive Technologies Persistence_MSF:EXPLOIT-WINDOWS-PERSISTENCE-ASSISTIVE_TECHNOLOGY- This module achieves persistence by registering a custom Assistive Technology AT in the Windows registry. Then it configures the system to launch t...	N/A	N/A	Dec 20, 2025	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	WordPress ACF Extended Unauthenticated RCE via prepare_form()_MSF:EXPLOIT-MULTI-HTTP-WP_ACF_EXTENDED_RCE- This module exploits an unauthenticated Remote Code Execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin v...	N/A	N/A	Dec 19, 2025	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE_MSF:EXPLOIT-MULTI-HTTP-WP_KING_ADDONS_PRIVILEGE_ESCALATION- This module exploits an unauthenticated privilege escalation vulnerability in the WordPress King Addons for Elementor plugin versions 24.12.92 to 5...	N/A	N/A	Dec 10, 2025	METASPLOIT
CRITICAL 9.1	MSF:EXPLOIT-MULTI-	Magento SessionReaper_MSF:EXPLOIT-MULTI-HTTP-MAGENTO_SESSIONREAPER- This module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execu...	N/A	N/A	Dec 10, 2025	METASPLOIT