Latest intel // live feed
CVE-2026-7903 — Google Chrome
Integer overflow in ANGLE in Google Chrome on Mac, Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-7902 — Google Chrome
Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-7901 — Google Chrome
Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-7900 — Google Chrome
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-7899 — Google Chrome
Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-7898 — Google Chrome
Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
CVE-2026-7896 — Google Chrome
Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
CVE-2026-41938 — Vvveb
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can upload a .phtml file containing arbitrary PHP code and trigger execution by sending an unauthenticated HTTP GET request to the uploaded file, resulting in remote code execution with web se […] CVSSv3.1 8.8 (HIGH)
CVE-2026-41936 — Vvveb
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to inject file:// or php://filter entity references that are resolved and persisted into the application database, enabling arbitrary file disclosure and administrator password hash o […] CVSSv3.1 8.1 (HIGH)
CVE-2026-41934 — Vvveb
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or site_admin roles can write a malicious .htaccess file to map arbitrary extensions to the PHP handler, then upload PHP code with that extension to achieve unauthenticated remote code executi […] CVSSv3.1 8.8 (HIGH)
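Both Vvveb entries above turn on the same two mistakes: an extension denylist that did not cover .phtml, and an upload directory in which Apache honours a user-supplied .htaccess. The following is an added example written for this page, not Vvveb's code, of the allowlist-style filename check an upload or editor handler should run before writing anything into a web-served directory; the allowed-extension set and the control-file names are this example's own choices. The server-side half of the fix is independent of the application: serve the upload directory with AllowOverride None so .htaccess is never consulted there, and with PHP execution disabled for that path.

```python
import re

# Extensions the handler is willing to store. Allowlisting is the point: a
# denylist that forgot .htaccess and .phtml is exactly what the Vvveb reports
# describe. (Example set; svg is deliberately absent because it can carry script.)
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "pdf"}

# Server-control files that must never land in a web-served directory, even
# though they have no "extension" for an extension check to look at.
SERVER_CONTROL_NAMES = {".htaccess", ".htpasswd", "web.config", ".user.ini"}

# First character alphanumeric (so no dotfiles), then a conservative charset.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def validate_upload_name(filename: str) -> str:
    """Return a basename that is safe to store, or raise ValueError.

    Rejects NUL bytes, directory components, dotfiles (which covers .htaccess),
    names without an extension, extensions outside the allowlist, and any extra
    extension anywhere in the name (shell.php.png, x.phtml.jpg).
    """
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    # Drop any directory part the client sent; both separators count.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not base or base in (".", ".."):
        raise ValueError("empty or relative filename")
    if base.lower() in SERVER_CONTROL_NAMES or base.startswith("."):
        raise ValueError("server control file or dotfile rejected: %r" % (base,))
    if not _SAFE_NAME.match(base):
        raise ValueError("filename contains unsafe characters: %r" % (base,))
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise ValueError("missing extension")
    # Every dot-separated suffix must be allowlisted, not only the last one, so
    # a handler mapping on an inner extension (AddHandler matching .php.png) is
    # not reachable either.
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            raise ValueError("extension %r not allowed" % (ext,))
    return base


def is_safe_upload_name(filename: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_upload_name(filename)
        return True
    except ValueError:
        return False
```

Run the validator on the stored name before any filesystem write, and keep the allowlist in one place so the media uploader and the code editor (the two entry points the advisories name) cannot drift apart.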
CVE-2026-41930 — Vvveb
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain unrestricted read and write access to the entire Vvveb database, including administrator password hashes, customer personally identifiable information, and order data, enabling ac […] CVSSv3.1 9.8 (CRITICAL)
CVE-2026-0300 — Palo Alto Networks PAN-OS
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KC […] CVSSv3.1 9.8 (CRITICAL)
CVE-2024-30151 — HCL BigFix Service Management (SX)
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications. CVSSv3.1 8.3 (HIGH)
CVE-2026-29090 — CERN Rucio
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoint (`GET /dids/<scope>/dids/search`). When the `postgres_meta` metadata plugin is configured, attacker-controlled filter keys and values are interpolated directly into raw S […] CVSSv3.1 8.8 (HIGH)
CVE-2026-7875 — NanoClaw
NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or by creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the in […] CVSSv3.1 8.8 (HIGH)
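The NanoClaw entry describes two distinct escape routes: a crafted messages_out.id or content.files value that resolves outside the outbox, and a symlink planted inside the outbox that a host-side read or cleanup then follows. The following added example is not NanoClaw's code; the outbox layout, the msg_id/rel_file parameter names and the temporary-directory fixture are assumptions made for illustration. It shows the containment check a host process should apply before reading or deleting anything under the outbox: a lexical check after path normalisation, then an lstat walk over every component so symlinks are refused rather than followed.

```python
import os
import shutil
import stat
import tempfile


class OutboxEscape(Exception):
    """A container-supplied id or file name would leave the outbox on the host."""


def _check_msg_id(msg_id: str) -> None:
    # The id must be exactly one directory component: no separators, no NUL,
    # no '.' or '..'. Anything else is an escape attempt, not a message.
    if (not msg_id or msg_id in (".", "..") or "/" in msg_id
            or "\\" in msg_id or "\x00" in msg_id):
        raise OutboxEscape("bad message id %r" % (msg_id,))


def _refuse_symlinks(root: str, target: str) -> None:
    # Walk every component below root with lstat, so a symlink anywhere in the
    # chain (the file itself or a parent directory the container created) is
    # refused instead of being followed by a later open() or rmtree().
    cur = root
    for part in os.path.relpath(target, root).split(os.sep):
        cur = os.path.join(cur, part)
        try:
            st = os.lstat(cur)
        except FileNotFoundError:
            raise OutboxEscape("missing outbox path %r" % (cur,))
        if stat.S_ISLNK(st.st_mode):
            raise OutboxEscape("symlink inside outbox: %r" % (cur,))


def resolve_outbox_file(outbox_root: str, msg_id: str, rel_file: str) -> str:
    """Return the host path for (msg_id, rel_file), guaranteed to lie strictly
    inside outbox_root/msg_id with no symlink on the way; raise otherwise."""
    root = os.path.realpath(outbox_root)
    _check_msg_id(msg_id)
    if not rel_file or os.path.isabs(rel_file) or "\x00" in rel_file:
        raise OutboxEscape("absolute, empty or NUL-bearing file name %r" % (rel_file,))
    msg_dir = os.path.join(root, msg_id)
    candidate = os.path.normpath(os.path.join(msg_dir, rel_file))
    # Lexical containment: after '..' segments are folded the path must still
    # start under msg_dir, and must not be msg_dir itself.
    if candidate == msg_dir or os.path.commonpath([msg_dir, candidate]) != msg_dir:
        raise OutboxEscape("path traversal in %r" % (rel_file,))
    _refuse_symlinks(root, candidate)
    return candidate


def remove_message(outbox_root: str, msg_id: str) -> None:
    """Outbox cleanup: delete only a real directory directly under the root."""
    root = os.path.realpath(outbox_root)
    _check_msg_id(msg_id)
    msg_dir = os.path.join(root, msg_id)
    _refuse_symlinks(root, msg_dir)   # a symlinked message dir is never rmtree'd
    shutil.rmtree(msg_dir)            # rmtree unlinks symlinks it meets, it does not descend them


def build_fixture() -> str:
    """Constructed layout for the demonstration (a temp dir, not a real tree):
    outbox/msg-1/report.txt      legitimate attachment
    outbox/msg-1/link.txt    ->  <base>/host-secret.txt   (symlinked file)
    outbox/msg-2             ->  <base>                   (symlinked message dir)
    """
    base = tempfile.mkdtemp(prefix="outbox-demo-")
    outbox = os.path.join(base, "outbox")
    os.makedirs(os.path.join(outbox, "msg-1"))
    with open(os.path.join(outbox, "msg-1", "report.txt"), "w") as f:
        f.write("attachment body")
    secret = os.path.join(base, "host-secret.txt")
    with open(secret, "w") as f:
        f.write("host-only data")
    os.symlink(secret, os.path.join(outbox, "msg-1", "link.txt"))
    os.symlink(base, os.path.join(outbox, "msg-2"))
    return outbox


def escapes(outbox: str, msg_id: str, rel_file: str) -> bool:
    """True when the resolver refuses the (msg_id, rel_file) pair."""
    try:
        resolve_outbox_file(outbox, msg_id, rel_file)
        return False
    except OutboxEscape:
        return True
```

The order matters: realpath is applied to the trusted root only, never to the attacker-influenced tail, because resolving the tail would follow the very symlink the check exists to catch.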
CVE-2026-42503 — gopls
gopls by default communicates via pipe. However, the -port and -listen flags are supported as a means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0, which can allow a malicious party on the same network to execute arbitrary code via gopls. CVSSv3.1 8.8 (HIGH)
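To see what the gopls entry means in practice, and to find such listeners on a fleet, here is an added example in Python that is not part of gopls or the advisory. One function applies the host:port rule from the description (an empty host means every interface) to -listen style values; the other parses `ss -ltnp` output and reports named processes bound to a wildcard address. The ss sample is constructed for this page, and the functions only handle TCP host:port values, not unix-socket forms.

```python
import re

# Constructed sample of `ss -ltnp` output from a developer workstation (not real
# captured data). Two gopls instances: one on the loopback, one on 0.0.0.0.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=811,fd=7))
LISTEN 0      4096   0.0.0.0:8080        0.0.0.0:*         users:(("gopls",pid=24601,fd=3))
LISTEN 0      4096   127.0.0.1:37511     0.0.0.0:*         users:(("gopls",pid=24777,fd=3))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=990,fd=4))
"""

# Hosts that mean "every interface" in a host:port listen address. The empty
# string is the ':8080' case the advisory calls out.
WILDCARD_HOSTS = {"", "0.0.0.0", "*", "::", "[::]"}

_SS_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+(?P<proc>.*)$")
_SS_PROC = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def split_host_port(addr: str):
    """Split 'host:port' on the last colon, as Go's net.SplitHostPort does;
    '[::1]:80' keeps its brackets on the host for comparison."""
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError("not a host:port address: %r" % (addr,))
    return host, int(port)


def listen_flag_is_exposed(addr: str) -> bool:
    """True when a -listen value binds every interface rather than one host."""
    host, _ = split_host_port(addr)
    return host in WILDCARD_HOSTS


def find_exposed_listeners(ss_output: str, process_names=("gopls",)):
    """Parse `ss -ltnp` text and return (name, pid, host, port) for each named
    process that is listening on a wildcard address."""
    findings = []
    for line in ss_output.splitlines():
        m = _SS_LINE.match(line)
        if not m:           # header line or a non-LISTEN row
            continue
        host, port = split_host_port(m["local"])
        if host not in WILDCARD_HOSTS:
            continue
        for p in _SS_PROC.finditer(m["proc"]):
            if p["name"] in process_names:
                findings.append((p["name"], int(p["pid"]), host, port))
    return findings
```

On a workstation, `ss -ltnp` must be run as the same user as gopls (or as root) for the Process column to be populated; without it the parser still sees the wildcard bind but cannot attribute it.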
CVE-2026-29080 — CERN Rucio
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). On Oracle deployments attacker-controlled filter keys and values are interpolated directly into `sqlalchemy.text()` via Python `.format()`, completely bypassing parameterization. This enables full database compromise including extraction of authentication […] CVSSv3.1 8.8 (HIGH)
CVE-2026-20034 — Cisco Unity Connection
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted de […] CVSSv3.1 8.8 (HIGH)
Make it Blink: Over-the-Air Exploitation of the Philips Hue Bridge
Synacktiv researchers disclosed a critical remote code execution vulnerability (CVE-2026-3555) in the Philips Hue Bridge exploited during Pwn2Own 2026. The vulnerability exists in Zigbee frame processing where a heap buffer overflow in the Download Blob state machine allows unauthenticated attackers on the local Zigbee network to overflow into adjacent heap chunks. The researchers leveraged musl libc allocator "Vudo" techniques to achieve arbitrary write and code execution by hijacking a global function pointer.
The Accidental C2: Exploring Dev Tunnels for Remote Access
SpecterOps researcher Adam Chester reverse-engineered VS Code Dev Tunnels to expose a multi-layered C2-like architecture combining REST APIs, WebSocket tunneling, SSH, and MsgPack RPC. The research reveals that Dev Tunnels can be abused for initial access via Device Code Phishing against GitHub/Azure OAuth flows, lateral movement through token theft from vscdb, and persistence by establishing tunnels from compromised hosts. Additionally, FOCI (Family of Client IDs) and BroCI clients provide attack surface expansion—compromising any FOCI member allows token exchange to Dev Tunnels access.
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
Palo Alto Networks disclosed CVE-2026-0300, a critical unauthenticated buffer overflow in the User-ID Authentication Portal feature of PAN-OS on PA-Series and VM-Series firewalls (CVSS 9.3 in this write-up; the feed entry above lists CVSSv3.1 9.8). The vulnerability allows remote code execution with root privileges and is confirmed exploited in the wild. No patches are available yet; fixes are expected May 13–28, 2026, with roughly 225,000 internet-facing PAN-OS instances at risk.
CVE-2026-5081 — Apache::Session (Perl)
Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 for Perl generate insecure session ids. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable as the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id module, which generates a unique id for each request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. CVSSv3.1 9.1 (CRITICAL)
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
Kaspersky researchers discovered malicious Python wheel packages uploaded to PyPI in July 2025 that delivered a previously unknown malware family called ZiChatBot, attributed to OceanLotus APT. The attack targeted both Windows and Linux users through three fake libraries (uuid32-utils, colorinal, termncolor) that acted as droppers, with ZiChatBot using Zulip's public REST APIs as command-and-control infrastructure instead of traditional servers. The packages were removed from PyPI and the attacker's Zulip organization deactivated before widespread infections occurred.
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
Rapid7 researchers identified a sophisticated intrusion initially attributed to Chaos ransomware that was actually a false-flag operation by MuddyWater (Seedworm), an Iranian APT affiliated with MOIS. The attackers used interactive Microsoft Teams social engineering to harvest credentials and MFA, established persistence via DWAgent and AnyDesk, deployed a custom RAT (Game.exe) masquerading as WebView2, and exfiltrated data while avoiding file encryption. Attribution was anchored by a code-signing certificate ("Donald Gay") previously linked to MuddyWater's Operation Olalampo, C2 infrastructure overlap (moonzonet.com), and signature tradecraft including pythonw.exe process injection and Teams-based credential harvesting.
CVE-2026-42208: Pre-Authentication SQL Injection in LiteLLM Proxy
Bishop Fox researchers confirmed CVE-2026-42208, a critical pre-authentication SQL injection in LiteLLM proxy (versions 1.81.16–1.83.6) affecting the bearer-token verification logic. An unauthenticated attacker can inject SQL via a malformed Authorization header into any LLM API endpoint, exploiting an f-string interpolation sink to extract database contents via timing-based blind SQLi. In-the-wild exploitation was observed within 36 hours of the GitHub advisory publication; the fix (v1.83.7) introduces proper parameter binding.
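The two Rucio entries in the feed above and this LiteLLM item describe the same sink: attacker-controlled text spliced into a SQL statement with str.format() or an f-string, so that a filter key or a bearer token becomes SQL grammar rather than data. The added example below is written for this page against an in-memory SQLite database; it is not Rucio's or LiteLLM's code, and the table and column names are constructed. It puts the vulnerable shape of each query next to its bound-parameter form and shows what the vulnerable ones give up: a UNION through the DID-search filter key, an authentication bypass through the Authorization header, and a boolean-blind extraction of a token hash one character at a time, which uses the same oracle as the timing-based variant the write-up mentions, only observed through row presence instead of delay.

```python
import sqlite3

HEX = "0123456789abcdef"


def build_demo_db():
    """Constructed stand-in for a metadata table and a token table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE did_meta (scope TEXT, name TEXT, key TEXT, value TEXT);
        CREATE TABLE verification_token (token_hash TEXT, user_id TEXT);
        INSERT INTO did_meta VALUES ('user.alice', 'dataset1', 'project', 'atlas');
        INSERT INTO did_meta VALUES ('user.alice', 'dataset2', 'project', 'cms');
        INSERT INTO verification_token VALUES ('a1b2c3', 'admin');
    """)
    return conn


# --- vulnerable sinks: user text becomes part of the SQL grammar ---------------
def search_dids_vulnerable(conn, filters):
    # Same shape the Rucio advisories describe: filter keys *and* values are
    # pasted into the statement with str.format().
    if not filters:
        raise ValueError("at least one filter is required")
    clauses = ["(key = '{}' AND value = '{}')".format(k, v) for k, v in filters.items()]
    sql = "SELECT scope, name FROM did_meta WHERE " + " AND ".join(clauses)
    return conn.execute(sql).fetchall()


def lookup_token_vulnerable(conn, bearer):
    # Same shape the LiteLLM write-up describes: an f-string sink fed from the
    # Authorization header before any authentication has happened.
    sql = f"SELECT user_id FROM verification_token WHERE token_hash = '{bearer}'"
    return conn.execute(sql).fetchall()


# --- the same two queries with parameter binding -------------------------------
def search_dids_safe(conn, filters):
    if not filters:
        raise ValueError("at least one filter is required")
    clauses, params = [], []
    for k, v in filters.items():
        clauses.append("(key = ? AND value = ?)")   # structure fixed, data bound
        params += [k, v]
    sql = "SELECT scope, name FROM did_meta WHERE " + " AND ".join(clauses)
    return conn.execute(sql, params).fetchall()


def lookup_token_safe(conn, bearer):
    return conn.execute(
        "SELECT user_id FROM verification_token WHERE token_hash = ?", (bearer,)
    ).fetchall()


# --- what the vulnerable versions hand an attacker ------------------------------
# Filter key that closes the clause and appends a UNION over the token table.
UNION_KEY = "x') UNION SELECT token_hash, user_id FROM verification_token --"
# Bearer value that turns the lookup into a tautology (authentication bypass).
BYPASS_BEARER = "' OR 1=1 --"


def extract_token_blind(conn, max_len=32):
    """Boolean-blind extraction through the bearer check: each probe asks
    whether character `pos` of the stored hash equals `ch`; a returned row means
    yes. The timing variant asks the same question with a delay instead."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in HEX:
            probe = ("' OR substr((SELECT token_hash FROM verification_token LIMIT 1),"
                     f"{pos},1) = '{ch}' --")
            if lookup_token_vulnerable(conn, probe):
                recovered += ch
                break
        else:
            return recovered        # no character matched: end of the value
    return recovered
```

Binding parameters is the whole fix for the values; where a user-supplied string must name a column or table (as a metadata key can in some schemas), it additionally has to be checked against an allowlist of identifiers, because a bind parameter can never stand in for an identifier.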