metasploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSF:EXPLOIT-MULTI-	Xerte Online Toolkits Arbitrary File Upload – Import Language_MSF:EXPLOIT-MULTI-HTTP-XERTE_UNAUTHENTICATED_IMPORTLANGUAGE- This module exploits an authentication bypass allowing arbitrary file upload in versions 3.14 and earlier to upload and execute a shell. Module Opt...	N/A	N/A	Feb 13, 2026	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-LINUX-	GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061_MSF:EXPLOIT-LINUX-TELNET-GNU_INETUTILS_AUTH_BYPASS- The telnetd service from GNU InetUtils is vulnerable to authentication-bypass, tracked as CVE-2026-24061, in versions up to version 2.7. During Tel...	N/A	N/A	Feb 12, 2026	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-LINUX-	Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE_MSF:EXPLOIT-LINUX-HTTP-IVANTI_EPMM_RCE- This module exploits a OS command injection issue in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron. A remote attacker can achie...	N/A	N/A	Feb 10, 2026	METASPLOIT
CRITICAL 9.8	MSF:AUXILIARY-GATHER-	Gladinet CentreStack/Triofox Path Traversal_MSF:AUXILIARY-GATHER-GLADINET_STORAGE_PATH_TRAVERSAL_CVE_2025_11371- This module exploits a path traversal vulnerability CVE-2025-11371 in Gladinet CentreStack and Triofox that allows an unauthenticated attacker to r...	N/A	N/A	Feb 4, 2026	METASPLOIT
NONE	MSF:AUXILIARY-GATHER-	Gladinet CentreStack/Triofox Access Ticket Forge_MSF:AUXILIARY-GATHER-GLADINET_STORAGE_ACCESS_TICKET_FORGE- This module forges access tickets for the Gladinet CentreStack/Triofox /storage/filesvr.dn endpoint. The vulnerability exists because the applicati...	N/A	N/A	Feb 4, 2026	METASPLOIT
CRITICAL 9.3	MSF:EXPLOIT-UNIX-	FreePBX endpoint SQLi to RCE_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_CUSTOM_EXTENSION_RCE- FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. ...	N/A	N/A	Jan 29, 2026	METASPLOIT
CRITICAL 9.3	MSF:AUXILIARY-GATHER-	FreePBX Custom Extension SQL Injection_MSF:AUXILIARY-GATHER-FREEPBX_CUSTOM_EXTENSION_INJECTION- FreePBX versions prior to 16.0.44,16.0.92 and 17.0.23,17.0.6 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in th...	N/A	N/A	Jan 28, 2026	METASPLOIT
CRITICAL 9.3	MSF:EXPLOIT-UNIX-	FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, i...	N/A	N/A	Jan 28, 2026	METASPLOIT
NONE	MSF:EXPLOIT-MULTI-	SSH Key Persistence_MSF:EXPLOIT-MULTI-PERSISTENCE-SSH_KEY- This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to wo...	N/A	N/A	Jan 27, 2026	METASPLOIT
HIGH 8.8	MSF:EXPLOIT-LINUX-	Authenticated RCE in Splunk (splunk_archiver app)_MSF:EXPLOIT-LINUX-HTTP-SPLUNK_AUTH_RCE_CVE_2024_36985- This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in th...	N/A	N/A	Jan 21, 2026	METASPLOIT