2026-05-05
2026-05-05 16:16Z
HIGH

CVE-2026-31196 — The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31196

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution. CVSSv3.1 8.8 (HIGH)

CWE: CWE-78 · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 16:16Z
HIGH

CVE-2026-31195 — The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31195

The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution. CVSSv3.1 8.8 (HIGH)

CWE: CWE-78 · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 14:16Z
CRIT

CVE-2026-7834 — Such manipulation leads to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-7834

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-121 · CWE: CWE-119 · TYP: Vulnerability · CVSS v3.1: 9.8 · Edit Score: 99
2026-05-05
2026-05-05 14:16Z
CRIT

CVE-2026-36356 — GoAhead: The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-36356

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-306 · CWE: CWE-78 · VND: Goahead · TYP: Vulnerability · CVSS v3.1: 9.1 · Edit Score: 96
2026-05-05
2026-05-05 14:16Z
CRIT

CVE-2026-34408 — Gambio: An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34408

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-640 · VND: Gambio · TYP: Vulnerability · CVSS v3.1: 9.1 · Edit Score: 96
2026-05-05
2026-05-05 13:40Z
CRIT

Copy-Fail-CVE-2026-31431-Kubernetes-PoC — PoC: fully unprivileged container escape to node-level code execution on Kubernetes via CVE-2026-31431 page-cache corrup

GitHub · container escape · github.com · GITHUB POC · CVE-2026-31431 · in the wild

A proof-of-concept exploit for CVE-2026-31431 demonstrates a fully unprivileged container escape to node-level code execution on Kubernetes clusters. The attack exploits a Linux kernel page-cache corruption vulnerability in the AF_ALG splice race condition, combined with shared container image layers and privileged DaemonSets (e.g., kube-proxy), to achieve arbitrary code execution with node privileges. The PoC has been validated on Alibaba Cloud ACK and Amazon EKS.

TACT: TA0004 · TACT: TA0005 · SRF: Cloud · OS: Linux · SW: Kube Proxy · SW: Kubernetes · TYP: Exploit · TYP: Vulnerability · Edit Score: 95
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-6261 — Betheme: The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6261

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files (including PHP) and achieve remote code execution via the Icons icon-pack upload fl CVSSv3.1 8.8 (HIGH)

CWE: CWE-434 · VND: Betheme · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-43571 — OpenClaw: before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43571

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading. CVSSv3.1 8.8 (HIGH)

CWE: CWE-829 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-43569 — OpenClaw: before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43569

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent. CVSSv3.1 8.8 (HIGH)

CWE: CWE-829 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
CRIT

CVE-2026-43566 — OpenClaw: versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43566

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the run should have been downgraded. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-184 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 9.1 · Edit Score: 96
2026-05-05
2026-05-05 12:16Z
CRIT

CVE-2026-43534 — OpenClaw: before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43534

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-345 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 9.1 · Edit Score: 96
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-43533 — OpenClaw: before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43533

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling. CVSSv3.1 8.6 (HIGH)

CWE: CWE-23 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.6 · Edit Score: 93
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-43530 — OpenClaw: versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43530

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations. CVSSv3.1 8.8 (HIGH)

CWE: CWE-863 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-43526 — OpenClaw: before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel. CVSSv3.1 8.2 (HIGH)

CWE: CWE-918 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.2 · Edit Score: 91
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-42439 — OpenClaw: before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-42439

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations. CVSSv3.1 8.5 (HIGH)

CWE: CWE-862 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.5 · Edit Score: 93
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-42435 — OpenClaw: versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and PS4, affecting execution semantics and security controls. CVSSv3.1 8.8 (HIGH)

CWE: CWE-184 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2026-42434 — OpenClaw: Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-42434

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths. CVSSv3.1 8.8 (HIGH)

CWE: CWE-863 · VND: Openclaw · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2023-54348 — ERPGo: SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-54348

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in spreadsheet applications. CVSSv3.1 8.8 (HIGH)

CWE: CWE-1236 · VND: Erpgo · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
HIGH

CVE-2023-54345 — Frappe: Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands. CVSSv3.1 8.8 (HIGH)

CWE: CWE-94 · VND: Frappe · TYP: Vulnerability · CVSS v3.1: 8.8 · Edit Score: 94
2026-05-05
2026-05-05 12:16Z
CRIT

CVE-2023-54344 — Eclipse: Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-306 · VND: Eclipse · TYP: Vulnerability · CVSS v3.1: 9.8 · Edit Score: 99
2026-05-05
2026-05-05 12:16Z
CRIT

CVE-2023-54342 — Eclipse: Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-54342

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-306 · VND: Eclipse · TYP: Vulnerability · CVSS v3.1: 9.8 · Edit Score: 99
2026-05-05
2026-05-05 11:00Z
HIGH

C/C++ checklist challenges, solved

Trail of Bits · blog.trailofbits.com

Trail of Bits published a detailed walkthrough of two C/C++ security challenges: a Linux ping program vulnerable to command injection via inet_ntoa's global buffer reuse and inet_aton's acceptance of trailing garbage, and a Windows driver registry handler vulnerable to type confusion in RtlQueryRegistryValues when RTL_QUERY_REGISTRY_TYPECHECK is missing. The Windows vulnerability can escalate from DoS to kernel write primitive by exploiting REG_SZ type confusion to write arbitrary data to kernel stack memory.

SRF: Os · TACT: TA0004 · TACT: TA0002 · OS: Linux · OS: Windows · TYP: Research · TYP: Vulnerability · STG: Privesc · Edit Score: 78
2026-05-05
2026-05-05 07:16Z
HIGH

CVE-2026-6180 — Papercut Papercut_mf: A race condition exists in PaperCut MF when processing badge-swipe data from certain HP

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6180

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notification fails to reach the server, the server may reject the initial data chunk while erroneously accepting subsequent chunks before a connection reset completes. This leads to the regis CVSSv3.1 8.1 (HIGH) · EPSS 12th percentile

CWE: CWE-20 · CWE: CWE-367 · VND: Papercut · TYP: Vulnerability · CVSS v3.1: 8.1 · Edit Score: 91
2026-05-05
2026-05-05 07:16Z
CRIT

CVE-2026-40797 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40797

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253. CVSSv3.1 9.3 (CRITICAL)

CWE: CWE-89 · TYP: Vulnerability · CVSS v3.1: 9.3 · Edit Score: 97
2026-05-05
2026-05-05 05:16Z
CRIT

CVE-2026-7823 — The manipulation of the argument enable results in OS command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in OS command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-77 · CWE: CWE-78 · TYP: Vulnerability · CVSS v3.1: 9.8 · Edit Score: 99