Latest intel // live feed
CVE-2026-42097 — Sparxsystems Pro_cloud_server: Sparx Pro Cloud Server requires authentication based on the requested URL
Sparx Pro Cloud Server requires authentication based on the requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob of a POST request, allowing SQL query execution without authentication. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not
CVSSv3.1 8.8 (HIGH)
CVE-2026-42096 — Sparxsystems Pro_cloud_server: Sparx Pro Cloud Server is vulnerable to Broken Access Control in communication with the database
Sparx Pro Cloud Server is vulnerable to Broken Access Control in its communication with the database. Due to a lack of permission checks, any low-privileged user can run arbitrary SQL queries in the context of the database user. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might
CVSSv3.1 8.8 (HIGH)
CVE-2026-4883 — Piotnet: The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-7504 — Keycloak: URL validation bypass during redirect operations
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further attacks. This vulnerability specifically affects Keycloak clients configured with a wildcard (*) in the "Valid Redirect URIs" field and requires user interaction to be successfully exploit
CVSSv3.1 8.1 (HIGH)
CVE-2026-43493 — Linux: crypto: pcrypt - Fix handling of MAY_BACKLOG requests
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests. MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications.
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-46586 — Apache OFBiz: Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSSv3.1 8.8 (HIGH)
CVE-2026-45434 — Apache OFBiz: Improper Authentication via password-change logic flaw leading to Remote Code Execution
Improper Authentication vulnerability in Apache OFBiz via a password-change logic flaw leading to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSSv3.1 8.8 (HIGH)
CVE-2026-41919 — Apache OFBiz: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSSv3.1 9.1 (CRITICAL)
CVE-2026-31986 — Apache OFBiz: Use of Hard-coded Cryptographic Key
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSSv3.1 9.1 (CRITICAL)
CVE-2026-2611 — MLflow: improper origin validation in the MLflow Assistant /ajax-api endpoints
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via t
CVSSv3.1 9.6 (CRITICAL)
CVE-2026-4885 — Piotnet: The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary f
CVSSv3.1 9.8 (CRITICAL)
offensive-claude — Offensive security toolkit for Claude Code covering red team, exploit dev, AD attacks, EDR bypass, mobile pentest
offensive-claude is a comprehensive Claude Code configuration toolkit designed for offensive security practitioners, featuring 25 specialized skills, 6 agents, and 47 vulnerability reference files covering the full red-team lifecycle including exploit development, AD attacks, EDR bypass, mobile penetration testing, and cloud security. The toolkit integrates with MCP servers (IDA Pro, JADX, web search) and provides structured guidance on recon, vulnerability analysis, reverse engineering, malware analysis, and advanced red-team operations.
CVE-2026-27648 — OpenHarmony: OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps
in OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps.
CVSSv3.1 8.8 (HIGH)
CVE-2026-25781 — OpenHarmony: OpenHarmony v6.0 and prior versions allow a local attacker to cause an unrecoverable DoS
in OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS from which the system cannot be recovered.
CVSSv3.1 8.4 (HIGH)
CVE-2026-24792 — OpenHarmony: OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps
in OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps.
CVSSv3.1 8.1 (HIGH)
WantToCry ransomware remotely encrypts files
Sophos CTU researchers documented WantToCry ransomware campaigns that abuse exposed SMB services for initial access via brute-force attacks, then exfiltrate and remotely encrypt files on attacker infrastructure before rewriting encrypted data back to victims' systems via authenticated SMB sessions. The threat actors use segmented infrastructure across multiple countries and demand modest ransoms ($400–$1,800), with no evidence of double-extortion tactics or post-compromise lateral movement.
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
Trend Micro MDR researchers mapped the complete operational infrastructure of Banana RAT, a Brazilian banking trojan attributed to SHADOW-WATER-063, by recovering both attacker server-side tooling and victim-side telemetry. The malware uses a FastAPI-based polymorphic crypter generating 100–200 unique AES-wrapped builds per delivery folder, fileless PowerShell execution, and modular .NET DLLs to enable screen streaming, keylogging, remote input control, and PIX QR code interception targeting 16 Brazilian financial institutions. The attack chain spans WhatsApp/phishing lures, staged batch-file execution, in-memory payload decryption, scheduled-task persistence, and active C&C communication on port 443.
How OLTs may have exposed entire ISP networks
Quarkslab disclosed multiple unauthenticated remote code execution vulnerabilities in VSOL GPON OLT devices and their Cloud EMS fleet management platform. The attack chain begins with exploiting pre-auth command injection flaws in OLT traceroute and TACACS+ features, escalates via unauthenticated arbitrary file upload in Cloud EMS (JSP webshell), and enables complete ISP network takeover. Default credentials (admin/Xpon@Olt9417#) hardcoded across firmware binaries compound the risk.
CVE-2026-8851 — SOGo: SQL injection in the Access Control List management functionality of SOGo 5.12.7
SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQL code to write extracted data into the sogo_acl table and retrieve it through the /acls API, establishing an out-of-band data exfiltration channel.
CVSSv3.1 8.1 (HIGH)
CVE-2026-8838 — amazon-redshift-python-driver: Unsafe use of Python's eval() on server-received data in the vector_in() function
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-27130 — Dokploy: Versions 0.26.6 and below have OS command injection through the appName parameter
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. Three chained issues cause this problem: inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are passed through inadequate sanitization (the cleanAppName function only replaces spaces and converts to lowercase) before being interpolated directly into shell commands execu
CVSSv3.1 9.9 (CRITICAL)
CVE-2026-25244 — WebdriverIO: Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE)
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell metacharacters, and getGitMetadataForAISelection() interpolates these names directly into execSync() calls without sanitization. An attacker can exploit this by supplying a malicious reposi
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-22810 — Joplin: Versions prior to 3.5.7 contain a path traversal vulnerability in the importer
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as
CVSSv3.1 8.2 (HIGH)
CVE-2026-8836 — lwIP: stack-based buffer overflow in snmp_parse_inbound_frame via the msgAuthenticationParameters argument
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c in the snmpv3 USM Handler component. Manipulating the msgAuthenticationParameters argument results in a stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue.
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-45495 — Microsoft: Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.
CVSSv3.1 8.8 (HIGH)