Latest intel // live feed
CVE-2026-7333 — Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 9.6 (CRITICAL)
CVE-2026-42167 — mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM). CVSSv3.1 8.1 (HIGH)
CVE-2026-41446 — Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label, or to documentation containing these values, can authenticate to several of these endpoints and execute arbitrary commands as root on the device. CVSSv3.1 9.8 (CRITICAL)
etc-collector-com — ETC Collector is an open-source Active Directory and Microsoft Entra ID security auditor written in Go, featuring 498+ detectors across 23 categories, ADCS ESC1-ESC11 checks, attack-path analysis, and compliance framework tagging (ANSSI, CIS, NIST, DISA, HDS, RGPD, NIS2). The tool runs as a single static binary with three modes: CLI one-shot, standalone HTTPS server with web UI, or SaaS daemon, completing full-forest audits in ~1 second with no .NET or Python dependencies.
BloodHound v9.1.0-rc2 — Release candidate published with incremental UI/UX improvements, bug fixes, and backend refactoring. Changes include a PDF attack-paths table, OpenGraph extension permissions, improved filtering, component library updates, and post-processing migrations to DCA.
CVE-2026-42431 — OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations. CVSSv3.1 8.1 (HIGH)
CVE-2026-42426 — OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes. CVSSv3.1 8.8 (HIGH)
CVE-2026-42422 — OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone the intended approval. CVSSv3.1 8.8 (HIGH)
CVE-2026-41914 — OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies. CVSSv3.1 8.5 (HIGH)
CVE-2026-41404 — OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients; the self-declared scopes persist on identity-bearing authentication paths and escalate privileges. CVSSv3.1 8.8 (HIGH)
CVE-2026-41394 — OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators. CVSSv3.1 8.2 (HIGH)
CVE-2026-41386 — OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to the intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-41383 — OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing the remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data. CVSSv3.1 8.1 (HIGH)
CVE-2026-41378 — OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted agent.request dispatch to achieve remote code execution on the gateway. CVSSv3.1 8.8 (HIGH)
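Two of the OpenClaw entries above describe the same least-privilege failure from different angles: CVE-2026-42426 gates a sensitive method on a broader scope than the one it should require, and CVE-2026-41404 lets a client keep scopes it declared about itself on an authentication path where the server already knows who it is. The Go program below is an added example written for this feed; it is not OpenClaw's code, and the Principal type, the source names, and every method-to-scope entry other than node.pair.approve → operator.pairing are assumptions made for illustration. It places the flawed authorization logic beside the corrected form so the difference can be exercised directly.

```go
package main

import (
	"errors"
	"fmt"
)

// Identity sources. The names are illustrative assumptions, not OpenClaw's.
const (
	SourceControlUI    = "control-ui"
	SourceTrustedProxy = "trusted-proxy"
	SourceNode         = "node"
)

// Principal is a constructed model of an authenticated gateway client.
type Principal struct {
	Source         string
	ServerScopes   []string // scopes assigned server-side from the identity store
	DeclaredScopes []string // scopes the client asserted about itself in its request
}

// requiredScope maps gateway methods to the narrow scope that should gate them.
// node.pair.approve -> operator.pairing is the relation named in CVE-2026-42426;
// the other entries are hypothetical.
var requiredScope = map[string]string{
	"node.pair.approve":    "operator.pairing",
	"node.list":            "operator.read",
	"gateway.config.write": "operator.admin",
}

func hasScope(scopes []string, want string) bool {
	for _, s := range scopes {
		if s == want {
			return true
		}
	}
	return false
}

// effectiveScopesVulnerable mirrors the incomplete clearing described in
// CVE-2026-41404: only Control UI clients have their self-declared scopes
// dropped, so a client arriving through the trusted proxy keeps what it declared.
func effectiveScopesVulnerable(p Principal) []string {
	if p.Source == SourceControlUI {
		return p.ServerScopes
	}
	return append(append([]string{}, p.ServerScopes...), p.DeclaredScopes...)
}

// effectiveScopesFixed ignores client-declared scopes on every path: once an
// identity source has assigned scopes, what the client says about itself is noise.
func effectiveScopesFixed(p Principal) []string {
	return append([]string{}, p.ServerScopes...)
}

// AuthorizeVulnerable gates node.pair.approve on the broader operator.write
// (the substitution described in CVE-2026-42426) and evaluates unclamped scopes.
func AuthorizeVulnerable(p Principal, method string) error {
	need, ok := requiredScope[method]
	if !ok {
		return errors.New("unknown method")
	}
	if method == "node.pair.approve" {
		need = "operator.write" // wrong: a broader scope is accepted
	}
	if hasScope(effectiveScopesVulnerable(p), need) {
		return nil
	}
	return fmt.Errorf("%s requires %s", method, need)
}

// AuthorizeFixed requires exactly the narrow scope for the method, denies
// unknown methods by default, and never honours self-declared scopes.
func AuthorizeFixed(p Principal, method string) error {
	need, ok := requiredScope[method]
	if !ok {
		return errors.New("unknown method")
	}
	if hasScope(effectiveScopesFixed(p), need) {
		return nil
	}
	return fmt.Errorf("%s requires %s", method, need)
}

func main() {
	writer := Principal{Source: SourceNode, ServerScopes: []string{"operator.write"}}
	fmt.Println("pair.approve, vulnerable:", AuthorizeVulnerable(writer, "node.pair.approve"))
	fmt.Println("pair.approve, fixed:     ", AuthorizeFixed(writer, "node.pair.approve"))

	proxied := Principal{Source: SourceTrustedProxy,
		ServerScopes: []string{"operator.read"}, DeclaredScopes: []string{"operator.admin"}}
	fmt.Println("config.write, vulnerable:", AuthorizeVulnerable(proxied, "gateway.config.write"))
	fmt.Println("config.write, fixed:     ", AuthorizeFixed(proxied, "gateway.config.write"))
}
```

The fixed path keeps two invariants the advisories are about: the scope required by a method is the narrowest one that covers it (no "write implies pairing" shortcut), and the set of scopes a request carries is computed from the server's view of the identity alone, regardless of which front door the request came through.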
CVE-2026-3893 — The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials. CVSSv3.1 9.4 (CRITICAL)
CVE-2026-38949 — Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code. CVSSv3.1 8.9 (HIGH) · EPSS 6th percentile
CVE-2026-24222 — NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure. CVSSv3.1 8.6 (HIGH)
CVE-2026-24186 — NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message. A successful exploit of this vulnerability might lead to code execution. CVSSv3.1 8.8 (HIGH)
CVE-2026-24178 — NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause an authorization bypass through a user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service. CVSSv3.1 9.8 (CRITICAL)
BloodHound v9.1.0-rc1 — Released with incremental UI/UX improvements, bug fixes, and backend refactoring. Changes include a PDF attack-paths table, OpenGraph extension permissions, an improved component library (Doodle UI), database pooling enhancements for IAM RDS auth, and various post-processing migrations to DCA.
CVE-2026-41873 — Apache Pony Mail: ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under the name "Pony Mail Foal" that is not affected by this issue, but it hasn't been released yet. As the Lua implementation of this project is retired, we do not plan to release a CVSSv3.1 9.8 (CRITICAL)
CVE-2026-38651 — Authentication bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, gaining access to sensitive information. CVSSv3.1 8.2 (HIGH)
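The Netmaker entry is the textbook case of a verifier that decodes a JWT's claims without checking that the signature was produced with the server's key. The Go program below is an added example for this feed, not Netmaker's VerifyHostToken; the HostClaims structure, the function names and the secrets are assumptions. It implements HS256 with the standard library only, mints a token under an attacker-chosen key, and shows the unverified parser accepting it while the corrected verifier rejects it, pins the algorithm, and checks expiry.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// HostClaims is a constructed claim set; the real host-token claims are not on the page.
type HostClaims struct {
	ID  string `json:"id"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Sign builds an HS256 JWT over claims with key. The attacker can call this
// too, with any key they like; that is exactly why the verifier must check.
func Sign(claims HostClaims, key []byte) (string, error) {
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

func decodeClaims(seg string) (HostClaims, error) {
	var c HostClaims
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return c, err
	}
	err = json.Unmarshal(raw, &c)
	return c, err
}

// VerifyHostTokenVulnerable splits the token and trusts the payload segment.
// The signature segment is never looked at, so any well-formed token passes.
func VerifyHostTokenVulnerable(token string) (HostClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return HostClaims{}, errors.New("malformed token")
	}
	return decodeClaims(parts[1])
}

// VerifyHostTokenFixed recomputes the HMAC with the server's key and compares
// it in constant time before any claim is trusted. It also pins alg to HS256
// (no "none", no key-confusion games) and enforces exp against now.
func VerifyHostTokenFixed(token string, key []byte, now int64) (HostClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return HostClaims{}, errors.New("malformed token")
	}
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return HostClaims{}, err
	}
	var h struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdr, &h); err != nil || h.Alg != "HS256" {
		return HostClaims{}, errors.New("unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return HostClaims{}, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return HostClaims{}, errors.New("bad signature")
	}
	claims, err := decodeClaims(parts[1])
	if err != nil {
		return HostClaims{}, err
	}
	if claims.Exp != 0 && now >= claims.Exp {
		return HostClaims{}, errors.New("token expired")
	}
	return claims, nil
}

func main() {
	serverKey := []byte("server-secret-assumed") // constructed for the demo
	forged, _ := Sign(HostClaims{ID: "victim-host", Exp: 2000000000}, []byte("attacker-picked-key"))
	c, err := VerifyHostTokenVulnerable(forged)
	fmt.Println("vulnerable accepted:", c.ID, err)
	_, err = VerifyHostTokenFixed(forged, serverKey, 1700000000)
	fmt.Println("fixed rejected:", err)
}
```

The important detail is that the verification input is the raw header and payload segments as received, not a re-encoding of the parsed claims; re-serialising before hashing would let an attacker smuggle bytes that survive parsing but change the canonical form. hmac.Equal rather than bytes.Equal keeps the comparison constant time.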
CVE-2025-60889 — Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or cause other unspecified impacts. CVSSv3.1 9.8 (CRITICAL)
Securing the git push pipeline: Responding to a critical remote code execution vulnerability — GitHub disclosed CVE-2026-3854, a critical remote code execution vulnerability in the git push pipeline affecting github.com and GitHub Enterprise Server. The vulnerability allowed authenticated users with push access to inject unsanitized git push options into internal metadata, bypassing sandboxing and achieving arbitrary command execution on GitHub servers. GitHub patched github.com within 2 hours of validation, found no evidence of exploitation, and released patches for all supported GHES versions.
CVE-2026-7321 — Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. CVSSv3.1 9.6 (CRITICAL)