Latest intel / live feed
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Trend Micro disclosed SHADOW-EARTH-053, a China-aligned APT conducting sustained cyberespionage against government and defense sectors across Asia and NATO members since December 2024. The group exploits unpatched Microsoft Exchange ProxyLogon vulnerabilities (CVE-2021-26855 et al.) for initial access, deploys GODZILLA web shells for persistence, and stages ShadowPad implants via DLL sideloading. The campaign demonstrates sophisticated post-compromise tradecraft including credential harvesting, lateral movement via WMIC/SMBExec, and targeted mailbox exfiltration using custom Exchange Web Services tools.
CVE-2026-7420 — UTT HiPER 1250GW: manipulation of the argument Profile in route/goform/ConfigAdvideo results in a buffer overflow
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. CVSSv3.1 8.8 (HIGH)
CVE-2026-7419 — UTT HiPER 1250GW: manipulation of the argument Profile in route/goform/formTaskEdit_ap leads to a buffer overflow
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-7381 — Plack::Middleware::XSendfile through 1.0053 for Perl allows client-controlled path rewriting
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to CVSSv3.1 9.1 (CRITICAL)
CVE-2026-7418 — UTT HiPER 1250GW: manipulation of the argument Profile in route/goform/NTP can lead to a buffer overflow
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. CVSSv3.1 8.8 (HIGH)
Auditing Application Permissions in Microsoft Entra ID: Hidden Risks, Pitfalls, and Quarkslab's QAZPT Tool
Quarkslab published a comprehensive technical deep-dive into Microsoft Entra ID application permission auditing, exposing hidden complexity in the AppRegistration/ServicePrincipal model, transitive permission inheritance paths, and credential visibility gaps. The post introduces QAZPT (Quarkslab Azure Permission Tracker), an open-source tool designed to compute and visualize effective permissions across an Entra ID tenant, and documents several undocumented or poorly-documented attack surfaces including Service Principal-level credentials invisible in the portal and federated identity credential inconsistencies.
BloodHound v9.1.0-rc3
BloodHound v9.1.0-rc3 release candidate published with bug fixes for primary kinds handling and the database getKinds method. Two commits address issue BED-8155, related to error handling and array returns.
CVE-2026-7426 — Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available. CVSSv3.1 8.1 (HIGH)
CVE-2026-34965 — Cockpit CMS: authenticated remote code execution in the /cockpit/collections/save_collection endpoint via injected PHP in collection rules
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server. CVSSv3.1 8.8 (HIGH)
CVE-2018-25318 — Tenda FH303/A300 firmware V5.07.68_EN: session weakness allows unauthenticated attackers to modify DNS settings
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites. CVSSv3.1 9.8 (CRITICAL)
CVE-2018-25317 — Tenda W3002R/A302/W309R wireless routers V5.07.64_en: cookie session weakness allows unauthenticated attackers to modify DNS settings
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers. CVSSv3.1 9.8 (CRITICAL)
CVE-2018-25316 — Tenda W308R v2 V5.07.48: cookie session weakness allows unauthenticated attackers to modify DNS settings
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites. CVSSv3.1 9.8 (CRITICAL)
CVE-2018-25315 — Alloksoft Video joiner 4.6.1217: local buffer overflow (SEH overwrite) in the License Name field allows arbitrary code execution
Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input. CVSSv3.1 8.4 (HIGH)
CVE-2018-25314 — Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217: local buffer overflow (SEH overwrite) in the License Name field allows arbitrary code execution
Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges. CVSSv3.1 8.4 (HIGH)
CVE-2018-25308 — BuddyPress Xprofile Custom Fields Type 2.6.3: remote code execution vulnerability allows authenticated users to delete arbitrary files via unescaped POST parameters
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server. CVSSv3.1 8.8 (HIGH)
CVE-2018-25307 — SysGauge Pro 4.6.12: local buffer overflow (SEH overwrite) in the Register function via a crafted unlock key
SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges. CVSSv3.1 8.4 (HIGH)
CVE-2018-25304 — Free Download Manager 2.0 Built 417: local buffer overflow (SEH chain overwrite) in the URL import functionality
Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code. CVSSv3.1 8.4 (HIGH)
CVE-2018-25303 — Allok Video to DVD Burner 2.6.1217: stack-based buffer overflow (SEH overwrite) in the License Name field allows arbitrary code execution
Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution. CVSSv3.1 8.4 (HIGH)
CVE-2018-25301 — Easy MPEG to DVD Burner 1.7.11: SEH local buffer overflow via a malicious username string allows arbitrary code execution
Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe. CVSSv3.1 8.4 (HIGH)
CVE-2018-25300 — XATABoost CMS 1.0.0: unauthenticated union-based SQL injection via the id parameter of news.php
XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information. CVSSv3.1 8.2 (HIGH)
CVE-2018-25299 — Prime95 29.4b8: local buffer overflow (SEH) via the optional proxy hostname field allows arbitrary code execution
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands. CVSSv3.1 8.4 (HIGH)
AzureHound v2.12.1-rc2
AzureHound v2.12.1-rc2 release candidate includes bug fixes for Management Group collection scoping, Microsoft Graph authorization error handling, access token decoding, request timeouts, and GitHub Actions artifact signing. This is a pre-release version with incremental improvements to the Azure reconnaissance tool.
CVE-2026-41940: cPanel & WHM Authentication Bypass
CVE-2026-41940 is a critical authentication bypass (CVSS 9.8) in cPanel & WHM caused by CRLF injection in session handling. Unauthenticated attackers can manipulate the `whostmgrsession` cookie to inject arbitrary session properties (e.g., `user=root`), gaining administrative access. The vulnerability is actively exploited in the wild with evidence of zero-day activity since February 2026; a public PoC is available.
CVE-2026-7466 — AgentFlow: arbitrary code execution via a user-controlled pipeline_path parameter on the POST /api/runs and POST /api/runs/validate endpoints
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to load and execute existing Python pipeline files on disk, resulting in code execution in the context of the user running AgentFlow. CVSSv3.1 8.8 (HIGH)
CVE-2026-7424 — FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6: integer underflow in the DHCPv6 sub-option parser allows an adjacent network actor to corrupt IPv6 configuration and cause a denial of service
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1. CVSSv3.1 8.1 (HIGH)