metasploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSF:EXPLOIT-MULTI-	Gogs Git Rebase Argument Injection RCE_MSF:EXPLOIT-MULTI-HTTP-GOGS_REBASE_RCE- This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a p...	N/A	N/A	Jun 3, 2026	METASPLOIT
NONE	MSF:POST-WINDOWS-	Windows Kernel Pointer Exposure Enumerator_MSF:POST-WINDOWS-GATHER-WINDOWS_KERNEL_POINTER_ENUM- This module enumerates kernel object pointers exposed via NtQuerySystemInformation with SystemExtendedHandleInformation. It categorizes exposed poi...	N/A	N/A	May 31, 2026	METASPLOIT
HIGH 8.8	MSF:EXPLOIT-MULTI-	Apache ActiveMQ RCE via Jolokia addNetworkConnector_MSF:EXPLOIT-MULTI-HTTP-APACHE_ACTIVEMQ_JOLOKIA_RCE- Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation ...	N/A	N/A	May 29, 2026	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	Supsystic Contact Form WordPress Plugin SSTI RCE_MSF:EXPLOIT-MULTI-HTTP-WP_PLUGIN_SUPSYSTIC_CONTACT_FORM_RCE- This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module...	N/A	N/A	May 26, 2026	METASPLOIT
NONE	MSF:AUXILIARY-SCANNER-	Ollama Scanner_MSF:AUXILIARY-SCANNER-HTTP-OLLAMA_INFO- This module identifies ollama instances and enumerates the LLM models which have been loaded and are running. Module Options msf use auxiliary/scan...	N/A	N/A	May 21, 2026	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	Dompdf RCE via Malicious Font Caching (CVE-2022-28368)_MSF:EXPLOIT-MULTI-HTTP-DOMPDF_RCE_CVE_2022_28368- This module exploits CVE-2022-28368, a Remote Code Execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists because domp...	N/A	N/A	May 21, 2026	METASPLOIT
HIGH 7.8	MSF:EXPLOIT-LINUX-	rxkad Page-Cache Write via CVE-2026-43500_MSF:EXPLOIT-LINUX-LOCAL-CVE_2026_43500_DIRTY_FRAG- CVE-2026-43500 exploits a memory-corruption vulnerability in the Linux kernel's RxRPC authentication subsystem rxkad. When a crafted DATA packet is...	N/A	N/A	May 21, 2026	METASPLOIT
HIGH 8.8	MSF:EXPLOIT-LINUX-	xfrm-ESP Page-Cache Write via CVE-2026-43284_MSF:EXPLOIT-LINUX-LOCAL-CVE_2026_43284_DIRTY_FRAG- CVE-2026-43284 is a Linux kernel page-cache write vulnerability in the IPsec/xfrm subsystem affecting ESP Encapsulating Security Payload fragmentat...	N/A	N/A	May 21, 2026	METASPLOIT
CRITICAL 9.8	MSF:AUXILIARY-SCANNER-	Citrix ADC (NetScaler) CVE-2026-3055 Scanner_MSF:AUXILIARY-SCANNER-HTTP-CITRIX_NETSCALER_CVE_2026_3055- This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory from a target Citrix ADC server configured as a...	N/A	N/A	May 20, 2026	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	cPanel/WHM CRLF Injection Authentication Bypass RCE_MSF:EXPLOIT-MULTI-HTTP-CPANEL_WHM_AUTH_BYPASS_RCE- Exploits CVE-2026-41940, a CRLF injection in cPanel/WHM's cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth h...	N/A	N/A	May 18, 2026	METASPLOIT