Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 MSF:AUXILIARY-GATHER-

Gladinet CentreStack/Triofox Path Traversal_MSF:AUXILIARY-GATHER-GLADINET_STORAGE_PATH_TRAVERSAL_CVE_2025_11371-

This module exploits a path traversal vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox that allows an unauthenticated attacker to r...

N/A N/A METASPLOIT
NONE MSF:AUXILIARY-GATHER-

Gladinet CentreStack/Triofox Access Ticket Forge_MSF:AUXILIARY-GATHER-GLADINET_STORAGE_ACCESS_TICKET_FORGE-

This module forges access tickets for the Gladinet CentreStack/Triofox /storage/filesvr.dn endpoint. The vulnerability exists because the applicati...

N/A N/A METASPLOIT
CRITICAL 9.3 MSF:EXPLOIT-UNIX-

FreePBX endpoint SQLi to RCE_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_CUSTOM_EXTENSION_RCE-

FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. ...

N/A N/A METASPLOIT
CRITICAL 9.3 MSF:AUXILIARY-GATHER-

FreePBX Custom Extension SQL Injection_MSF:AUXILIARY-GATHER-FREEPBX_CUSTOM_EXTENSION_INJECTION-

FreePBX versions prior to 16.0.44, 16.0.92 and 17.0.23, 17.0.6 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in th...

N/A N/A METASPLOIT
CRITICAL 9.3 MSF:EXPLOIT-UNIX-

FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-

FreePBX versions prior to 16.0.44, 16.0.92 and 17.0.6, 17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, i...

N/A N/A METASPLOIT
NONE MSF:EXPLOIT-MULTI-

SSH Key Persistence_MSF:EXPLOIT-MULTI-PERSISTENCE-SSH_KEY-

This module will add an SSH key to a specified user, or to all users, to allow remote login via SSH at any time. No payload is required for this module to wo...

N/A N/A METASPLOIT
HIGH 8.8 MSF:EXPLOIT-LINUX-

Authenticated RCE in Splunk (splunk_archiver app)_MSF:EXPLOIT-LINUX-HTTP-SPLUNK_AUTH_RCE_CVE_2024_36985-

This Metasploit module exploits a Remote Code Execution (RCE) vulnerability in the Splunk Enterprise splunk_archiver application. The flaw is rooted in th...

N/A N/A METASPLOIT
HIGH 8.8 MSF:EXPLOIT-MULTI-

Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)_MSF:EXPLOIT-MULTI-HTTP-SPLUNK_AUTH_RCE_CVE_2022_43571-

This Metasploit module exploits a Remote Code Execution (RCE) vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into s...

N/A N/A METASPLOIT
CRITICAL 9.3 MSF:EXPLOIT-MULTI-

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery_MSF:EXPLOIT-MULTI-HTTP-AVIDEO_NOTIFY_FFMPEG_UNAUTH_RCE-

This module exploits an unauthenticated remote code execution (RCE) vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stem...

N/A N/A METASPLOIT
NONE MSF:AUXILIARY-ADMIN-

BadSuccessor: dMSA abuse to Escalate Privileges in Windows Active Directory_MSF:AUXILIARY-ADMIN-LDAP-BAD_SUCCESSOR-

This module exploits 'Bad Successor', which allows operators to elevate privileges on domain controllers running at the Windows 2025 forest functio...

N/A N/A METASPLOIT