Latest intel// live feed
CVE-2026-41669 — Admidio: Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and handleSLORequest() line 613). The method returns error strings on failure rather than throwing exceptions, but the developer believed it would throw (per comments on lines 416 and 611). This means the smc_require_auth_signed configuration opt CVSSv3.1 8.2 (HIGH)
CVE-2026-41201 — CI4MS: In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve full account takeover and privilege escalation via a stored DOM XSS in the backup module's filename field, manipulated through a SQL file whose file name is tampered to contain a hidden XSS payload. This issue has been patched in version 0.31.5.0. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-41142 — OpenEXR: From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to heap OOB write via OpenEXRUtil public API. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11. CVSSv3.1 8.8 (HIGH)
CVE-2026-40982 — Spring: Cloud Config allows applications to serve arbitrary text and binary files through the
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or CVSSv3.1 9.1 (CRITICAL)
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
Elastic Security Labs disclosed TCLBANKER, a Brazilian banking trojan distributed via trojanized Logitech MSI installers (DLL sideloading attack). The malware features environment-gated payload decryption, comprehensive anti-analysis watchdog, WPF-based full-screen overlay framework for credential harvesting and social engineering, and self-propagating WhatsApp/Outlook worm modules. The campaign (REF3076) targets 59 Brazilian banking, fintech, and cryptocurrency domains via browser URL monitoring and WebSocket C2, with infrastructure hosted on Cloudflare Workers.
Donuts and Beagles: Fake Claude site spreads backdoor
Sophos X-Ops discovered a malvertising campaign distributing a fake Claude AI website (claude-pro[.]com) that delivers a previously undocumented backdoor dubbed 'Beagle' via DLL sideloading. The attack chain uses a legitimate G DATA signed executable (NOVupdate.exe) to load a malicious avk.dll, which decrypts and executes DonutLoader shellcode that ultimately deploys the Beagle backdoor. The campaign shows signs of active exploitation with multiple samples from February–April 2026 using similar infection chains but varying payloads, including AdaptixC2 variants, suggesting either threat actor retooling or TTP imitation.
CVE-2026-40281 — Gotenberg: A newline character in a metadata value splits the ExifTool stdin line into two
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate arguments, allowing injection of arbitrary ExifTool pseudo-tags such as -FileName, -Directory, -SymLink, and -HardLink. This is a bypass of the incomplete key-sanitization fix introduce CVSSv3.1 10.0 (CRITICAL)
CVE-2026-44116 — OpenClaw: before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources. CVSSv3.1 8.6 (HIGH)
CVE-2026-44115 — OpenClaw: Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime. CVSSv3.1 8.8 (HIGH)
CVE-2026-44112 — OpenClaw: before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root. CVSSv3.1 9.6 (CRITICAL)
CVE-2026-44110 — OpenClaw: before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior. CVSSv3.1 8.8 (HIGH)
CVE-2026-44109 — OpenClaw: before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-43585 — OpenClaw: Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access. CVSSv3.1 8.1 (HIGH)
CVE-2026-43584 — OpenClaw: before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Attackers can exploit this by manipulating these environment variables to influence downstream execution behavior or network connectivity. CVSSv3.1 8.8 (HIGH)
CVE-2026-43581 — OpenClaw: before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration. CVSSv3.1 9.6 (CRITICAL)
CVE-2026-43578 — OpenClaw: versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade
OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged context than intended. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-43575 — OpenClaw: versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-40076 — OpenMRS: In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod archives in `WebModuleUtil.startModule()`, ZIP entries under web/module/ are checked only to see whether the full entry path starts with `..`, and the remaining path is then concate CVSSv3.1 8.8 (HIGH)
CVE-2026-8018 — Google Chrome: Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)
CVE-2026-8016 — Google Chrome: Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote
Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-8002 — Google Chrome: Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed
Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-8001 — Google Chrome: Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to
Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.3 (HIGH)
CVE-2026-8000 — Google Chrome: Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to
Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-7995 — Google Chrome: Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a
Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
CVE-2026-7992 — Google Chrome: Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior
Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)