Latest intel // live feed
Volatility 3 2.28.0
Volatility 3 2.28.0 released with improvements to Intel layer address space scanning, Linux module section handling, new sockscan and process_spoofing plugins, Windows 11 detection enhancements, and UTF-8 console support. The release includes contributions from multiple community members and switches to ruff for code formatting.
CVE-2026-40904 — Chartbrew: The issue is exploitable remotely with ordinary project-level credentials and leads to cross-project data
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the requested dataset_id, dataRequest id, and connection_id to the caller's allowed projects. An authenticated attacker who only has access to one project inside a team can read, execute, cre CVSSv3.1 8.1 (HIGH)
CVE-2026-40600 — Chartbrew: In version 4.9.0, Chartbrew allows authenticated users with access to one project to update
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affected routes authorize the caller against the project in the URL path, but they never verify that policy_id belongs to that project. This permits cross-project modification of dashboard CVSSv3.1 8.1 (HIGH)
CVE-2026-36765 — XML: An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. CVSSv3.1 8.8 (HIGH) · EPSS 6th percentile
CVE-2026-36762 — An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations. CVSSv3.1 8.8 (HIGH) · EPSS 3rd percentile
CVE-2026-36767 — A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write arbitrary files to any writeable path via a crafted POST request. CVSSv3.1 10.0 (CRITICAL)
CVE-2026-36760 — An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-71284 — Synway: SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 CVSSv3.1 9.8 (CRITICAL)
CVE-2022-50993 — Weaver: (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was CVSSv3.1 9.8 (CRITICAL)
K8s-Container-Escape-Demo — Full Kubernetes container escape demo on AWS EKS — Spring4Shell RCE to cluster takeover — with web dashboard, automated
A comprehensive Kubernetes container escape demonstration project that chains Spring4Shell RCE (CVE-2022-22965) through container escape techniques (nsenter, mount, chroot, IMDS theft) to full EKS cluster takeover. The demo includes a web dashboard orchestrating attack automation, shift-left security scanning via CortexCLI, and automated incident response via Cortex XDR playbooks and AWS Lambda containment functions.
CVE-2026-4670 — Authentication: bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-36960 — Site: A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Router V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints. If an authenticated administrator visits the malicious webpage, the victim's browser automatically in CVSSv3.1 8.8 (HIGH)
CVE-2026-36340 — Krayin: An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function CVSSv3.1 8.1 (HIGH)
CVE-2025-14543 — Rti Connext_professional: Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. CVSSv3.1 9.1 (CRITICAL) · EPSS 11th percentile
v9.1.0-rc4
BloodHound v9.1.0-rc4 released with bug fixes for primary kinds handling and database getKinds method. This is a release candidate addressing issues BED-8155 with two commits since rc1.
CVE-2026-36956 — Site: A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpag CVSSv3.1 8.8 (HIGH)
Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②
Synacktiv researchers demonstrate a complete bypass of Microsoft's CVE-2025-33073 patch (authentication reflection mitigation) using a novel Unicode-based Kerberos coercion technique. By crafting DNS records with Unicode lookalike characters (SⓇV1․AD․LOCAL), attackers can force Windows machines to authenticate to attacker-controlled servers, achieving RCE as SYSTEM or LPE from low-privilege shells. The technique exploits inconsistent Unicode normalization between Windows DNS resolution, Kerberos SPN lookup, and SMB validation logic.
CVE-2026-7402 — Control: PDKS allows Flooding.
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. CVSSv3.1 8.1 (HIGH)
CVE-2026-7399 — Authorization: bypass through User-Controlled key vulnerability in MeWare Software Development Inc.
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. CVSSv3.1 8.1 (HIGH)
Introducing AIMap: Security Testing For AI Agent Infrastructure
Bishop Fox released AIMap, an open-source security testing tool for discovering and analyzing exposed AI agent infrastructure on the public internet. The tool performs reconnaissance across multiple AI frameworks (MCP, Ollama, vLLM, LangServe, Gradio, ComfyUI, etc.), fingerprints endpoints, assigns risk scores (0-10), and executes protocol-specific attack tests including prompt injection, tool authorization boundary testing, and model extraction. AIMap addresses a critical visibility gap: attackers already possess this reconnaissance capability at scale, but most organizations lack internal visibility into their own exposed AI systems.
CVE-2026-42512 — Freebsd Freebsd: This can result in a crash, but it may be possible to leverage this
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 8th percentile
CVE-2026-35547 — The lack of validation allows a malicious program to write outside the bounds of
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-5402 — TLS: protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service
TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution CVSSv3.1 8.8 (HIGH)
CVE-2026-42511 — Freebsd Freebsd: The BOOTP file field is written to the lease file without escaping embedded double-quotes
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbitrary code as root on a system running dhclient. CVSSv3.1 8.1 (HIGH) · EPSS 5th percentile
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
Kaspersky disclosed a phishing campaign by the Silver Fox APT group targeting organizations in Russia and India using tax-themed lures. The campaign delivers a modified Rust-based RustSL loader that unpacks ValleyRAT, which in turn loads a previously undocumented Python backdoor named ABCDoor. The attack chain includes custom persistence mechanisms (Phantom Persistence), geofencing, and sandbox evasion; ABCDoor has been active since late 2024 and continues to be deployed in real-world attacks.