Latest intel// live feed
CVE-2026-46484 — Headplane: Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3. CVSSv3.1 8.1 (HIGH)
CVE-2026-52778 — YesWiki: This implementation is inherently flawed: it is vulnerable to Regular Expression Denial of Service
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing them to the PHP eval() function. This implementation is inherently flawed: it is vulnerable to Regular Expression Denial of Service (ReDoS / Stack Overflow) which can crash the se CVSSv3.1 9.8 (CRITICAL)
CVE-2026-11557 — Executing a manipulation of the argument page can lead to stack-based buffer overflow.
A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 8.8 (HIGH)
CVE-2026-11393 — Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remedia CVSSv3.1 9.0 (CRITICAL)
CVE-2026-11556 — Performing a manipulation of the argument mac results in os command injection.
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. CVSSv3.1 8.8 (HIGH)
CVE-2026-11553 — Tenda: The manipulation of the argument encodename results in stack-based buffer overflow.
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-46481 — OpenMetadata: Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken. The leaked ingestion-bot token can then be reused as Authorization: Bearer <jwt> to access s CVSSv3.1 8.3 (HIGH)
CVE-2026-41448 — AdGuard Home: when started with the --glinet flag, contains an authentication bypass vulnerability that
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a traversal payload in the Admin-Token header to redirect file reads to arbitrary paths. CVSSv3.1 9.4 (CRITICAL)
CVE-2026-39910 — STACKIT: IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT servers service-accounts endpoint to attach high-privileged service accounts and query the Instance Metadata Service to retrieve OAuth2 tokens, bypassing tenant boundaries and gaining una CVSSv3.1 9.8 (CRITICAL)
CVE-2026-25856 — OpenBullet2: through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user. CVSSv3.1 8.8 (HIGH)
CVE-2026-25855 — OpenBullet2: through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat, .ps1, .sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, causing the server to execute the scripts and return output as proxy lines, resulting in arbitrary command execution on the host as the process user. CVSSv3.1 8.8 (HIGH)
CVE-2026-25559 — OpenBullet2: through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application run CVSSv3.1 8.8 (HIGH)
CVE-2026-25555 — OpenBullet2: through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials. CVSSv3.1 9.8 (CRITICAL)
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
Check Point disclosed CVE-2026-50751, a critical authentication bypass (CVSS 9.3) in Remote Access VPN, Mobile Access, and Spark Firewall products affecting IKEv1 deployments without machine certificate requirements. The vulnerability has been actively exploited in the wild since May 7, 2026, with confirmed ties to Qilin ransomware affiliates across several dozen organizations. A related MITM vulnerability (CVE-2026-50752, CVSS 7.4) was also identified but remains unexploited.
AzureHound v2.12.2-rc1
AzureHound v2.12.2-rc1 release candidate published with minor maintenance updates: semver compliance fix for rolling build version string, GitHub Actions workflow updates, removal of unnecessary credentials from build process, and migration to Node.js 24 for DigiCert signing.
CVE-2026-46656 — Bludit: This "Ghost Session" allows revoked users to maintain full unauthorized access to the system.
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized access to the system. Version 3.22.0 fixes the issue. CVSSv3.1 8.8 (HIGH)
CVE-2026-44631 — Apache HTTP Server: Buffer Underwrite vulnerability on crafted regular expressions in the configuration.
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-11528 — Tenda: The manipulation of the argument callback results in stack-based buffer overflow.
A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-11524 — The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow.
A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-11523 — Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow.
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-11522 — Tenda: Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow.
A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
Keeping a Short Leash: New AzureHound Least-Privilege Documentation
SpecterOps published comprehensive least-privilege permission documentation for AzureHound, the BloodHound data collector for Microsoft Entra ID and Azure Resource Manager. The research maps 17 Microsoft Graph endpoints to 8 granular application permissions and 17 ARM endpoints to specific RBAC actions, replacing the previous broad Directory.Read.All and Reader role assignments. The work includes validation methodology, permission matrices, and updated deployment scripts shipping with the narrower permission set by default.
BloodHound v9.3.0-rc1
BloodHound v9.3.0-rc1 release candidate published with numerous feature additions, bug fixes, and dependency updates. Changes include new privilege zone metrics, alerts framework enhancements, ADCS post-processing optimizations, and accessibility improvements across the UI.
CVE-2026-11517 — UTT: Executing a manipulation of the argument GroupName can lead to buffer overflow.
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. CVSSv3.1 8.8 (HIGH)
Surviving the surge of new Linux LPE : Defense in Depth not dead
Synacktiv analyzes recent Linux LPE vulnerabilities (Crackarmor, Copy Fail, Dirty Frag) and demonstrates that traditional defense-in-depth hardening—restrictive setuid binary permissions and kernel module allowlisting—effectively mitigates exploitation chains before patches are available. The article provides practical implementation guidance using dpkg-statoverride and /proc/sys/kernel/modules_disabled to shift from a default-allow to a default-block posture.