metasploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	MSF:AUXILIARY-GATHER-	GeoServer WMS GetMap XXE Arbitrary File Read_MSF:AUXILIARY-GATHER-GEOSERVER_WMS_GETMAP_XXE_FILE_READ- This module exploits an XML External Entity XXE vulnerability in GeoServer via the WMS GetMap operation. The vulnerability allows reading arbitrary...	N/A	N/A	Dec 30, 2025	METASPLOIT
HIGH 8.7	MSF:AUXILIARY-SCANNER-	MongoDB Memory Disclosure (CVE-2025-14847) – Mongobleed_MSF:AUXILIARY-SCANNER-MONGODB-CVE_2025_14847_MONGOBLEED- This module exploits a memory disclosure vulnerability in MongoDB's zlib decompression handling CVE-2025-14847. By sending crafted OPCOMPRESSED mes...	N/A	N/A	Dec 30, 2025	METASPLOIT
CRITICAL 10	MSF:EXPLOIT-LINUX-	HPE OneView unauthenticated RCE_MSF:EXPLOIT-LINUX-HTTP-HPE_ONEVIEW_RCE- This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise HPE OneView. All versions below 11.00...	N/A	N/A	Dec 20, 2025	METASPLOIT
NONE	MSF:EXPLOIT-WINDOWS-	Assistive Technologies Persistence_MSF:EXPLOIT-WINDOWS-PERSISTENCE-ASSISTIVE_TECHNOLOGY- This module achieves persistence by registering a custom Assistive Technology AT in the Windows registry. Then it configures the system to launch t...	N/A	N/A	Dec 20, 2025	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	WordPress ACF Extended Unauthenticated RCE via prepare_form()_MSF:EXPLOIT-MULTI-HTTP-WP_ACF_EXTENDED_RCE- This module exploits an unauthenticated Remote Code Execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin v...	N/A	N/A	Dec 19, 2025	METASPLOIT
CRITICAL 9.8	MSF:EXPLOIT-MULTI-	WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE_MSF:EXPLOIT-MULTI-HTTP-WP_KING_ADDONS_PRIVILEGE_ESCALATION- This module exploits an unauthenticated privilege escalation vulnerability in the WordPress King Addons for Elementor plugin versions 24.12.92 to 5...	N/A	N/A	Dec 10, 2025	METASPLOIT
CRITICAL 9.1	MSF:EXPLOIT-MULTI-	Magento SessionReaper_MSF:EXPLOIT-MULTI-HTTP-MAGENTO_SESSIONREAPER- This module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execu...	N/A	N/A	Dec 10, 2025	METASPLOIT
NONE	MSF:NOP-LOONGAR...	Simple_MSF:NOP-LOONGARCH64-SIMPLE- Simple NOP generator Module Options msf use nop/loongarch64/simple msf nopsimple show actions ...actions... msf nopsimple set ACTION msf nopsimple ...	N/A	N/A	Dec 10, 2025	METASPLOIT
NONE	MSF:PAYLOAD-LINUX-	Linux Reboot_MSF:PAYLOAD-LINUX-LOONGARCH64-REBOOT- A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBO...	N/A	N/A	Dec 10, 2025	METASPLOIT
CRITICAL 10	MSF:EXPLOIT-MULTI-	Unauthenticated RCE in React and Next.js_MSF:EXPLOIT-MULTI-HTTP-REACT2SHELL_UNAUTH_RCE_CVE_2025_55182- A critical unauthenticated Remote Code Execution RCE vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows ...	N/A	N/A	Dec 9, 2025	METASPLOIT