metasploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	MSF:AUXILIARY-GATHER-	FreePBX Custom Extension SQL Injection_MSF:AUXILIARY-GATHER-FREEPBX_CUSTOM_EXTENSION_INJECTION- FreePBX versions prior to 16.0.44,16.0.92 and 17.0.23,17.0.6 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in th...	N/A	N/A	Jan 28, 2026	METASPLOIT
CRITICAL 9.3	MSF:EXPLOIT-UNIX-	FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, i...	N/A	N/A	Jan 28, 2026	METASPLOIT
NONE	MSF:EXPLOIT-MULTI-	SSH Key Persistence_MSF:EXPLOIT-MULTI-PERSISTENCE-SSH_KEY- This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to wo...	N/A	N/A	Jan 27, 2026	METASPLOIT
HIGH 8.8	MSF:EXPLOIT-LINUX-	Authenticated RCE in Splunk (splunk_archiver app)_MSF:EXPLOIT-LINUX-HTTP-SPLUNK_AUTH_RCE_CVE_2024_36985- This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in th...	N/A	N/A	Jan 21, 2026	METASPLOIT
HIGH 8.8	MSF:EXPLOIT-MULTI-	Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)_MSF:EXPLOIT-MULTI-HTTP-SPLUNK_AUTH_RCE_CVE_2022_43571- This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into s...	N/A	N/A	Jan 21, 2026	METASPLOIT
CRITICAL 9.3	MSF:EXPLOIT-MULTI-	AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery_MSF:EXPLOIT-MULTI-HTTP-AVIDEO_NOTIFY_FFMPEG_UNAUTH_RCE- This module exploits an unauthenticated remote code execution RCE vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stem...	N/A	N/A	Jan 16, 2026	METASPLOIT
NONE	MSF:AUXILIARY-ADMIN-	BadSuccessor: dMSA abuse to Escalate Privileges in Windows Active Directory_MSF:AUXILIARY-ADMIN-LDAP-BAD_SUCCESSOR- This module exploits 'Bad Successor', which allows operators to elevate privileges on domain controllers running at the Windows 2025 forest functio...	N/A	N/A	Jan 15, 2026	METASPLOIT
NONE	MSF:EXPLOIT-WINDOWS-	Notepad++ Plugin Persistence_MSF:EXPLOIT-WINDOWS-PERSISTENCE-NOTEPADPP_PLUGIN- This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup...	N/A	N/A	Jan 15, 2026	METASPLOIT
NONE	MSF:EXPLOIT-WINDOWS-	WMI Event Subscription Interval Persistence_MSF:EXPLOIT-WINDOWS-PERSISTENCE-WMI-WMI_EVENT_SUBSCRIPTION_INTERVAL- This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after t...	N/A	N/A	Jan 14, 2026	METASPLOIT
NONE	MSF:EXPLOIT-WINDOWS-	WMI Event Subscription Process Persistence_MSF:EXPLOIT-WINDOWS-PERSISTENCE-WMI-WMI_EVENT_SUBSCRIPTION_PROCESS- This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload when th...	N/A	N/A	Jan 14, 2026	METASPLOIT