newsThe portal itself — self-promo until real sponsors land
Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
25 results//sorted by published//last sync 2026-06-09 18:02Z
Subscribe to news →
CVE-2019-25733 — NetShareWatcher: 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers
NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to trigger code execution when the Find function is invoked. CVSSv3.1 8.4 (HIGH)
8.4
CVSS v3.1
92
Edit Score
CVE-2019-25732 — PHP: EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to
PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to extract sensitive database information including usernames, passwords, and version details. CVSSv3.1 8.2 (HIGH)
8.2
CVSS v3.1
91
Edit Score
CVE-2019-25730 — Listing: Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to extract database credentials, usernames, and version information. CVSSv3.1 8.2 (HIGH)
8.2
CVSS v3.1
91
Edit Score
CVE-2019-25729 — PDF: Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2019-25728 — Care2x: 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.php, indexframe.php, and various module files to extract sensitive database information without authentication. CVSSv3.1 8.2 (HIGH)
8.2
CVSS v3.1
91
Edit Score
CVE-2019-25727 — WordPress: Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2019-25726 — One: All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames, databases, and version details. CVSSv3.1 8.2 (HIGH)
8.2
CVSS v3.1
91
Edit Score
CVE-2026-4104 — Authorization: bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and
Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-10840 — A flaw was found in the OpenShift Pipelines operator.
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secret CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
VerdantBamboo: Just Another BRICKSTORM in the Firewall
Volexity·volexity.comin the wild
Volexity disclosed a 18+ month intrusion by Chinese APT VerdantBamboo (WARP PANDA, UNC5221) targeting a victim organization and its MSP via compromised Egnyte Storage Sync and pfSense firewall appliances. The threat actor deployed three malware families—BRICKSTORM (Golang/Rust RAT), AGENTPSD (Python reverse shell), and PLENET (.NET Core backdoor)—to establish persistent access, bypass Conditional Access policies on M365, and pivot through the victim's infrastructure. The attack exploited a local privilege escalation in Egnyte's sudo configuration, credential theft from the MSP, and exposed firewall administrative interfaces.
92
Edit Score
CVE-2026-50225 — Acer Connect_m6e_5g_firmware: The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. CVSSv3.1 9.1 (CRITICAL) · EPSS 13th percentile
9.1
CVSS v3.1
96
Edit Score
CVE-2026-50214 — Acer Connect_m6e_5g_firmware: The /v1/Plan service relies entirely on a shared global API token for full administrative
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. CVSSv3.1 9.8 (CRITICAL) · EPSS 5th percentile
9.8
CVSS v3.1
99
Edit Score
CVE-2026-50211 — Acer Connect_m6e_5g_firmware: Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-50208 — Acer Connect_m6e_5g_firmware: Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. CVSSv3.1 9.4 (CRITICAL)
9.4
CVSS v3.1
97
Edit Score
CVE-2026-50205 — Acer Connect_m6e_5g_firmware: System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. CVSSv3.1 8.2 (HIGH)
8.2
CVSS v3.1
91
Edit Score
CVE-2026-49203 — Acer Connect_m6e_5g_firmware: Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-49202 — Acer Connect_m6e_5g_firmware: Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. CVSSv3.1 8.6 (HIGH)
8.6
CVSS v3.1
93
Edit Score
CVE-2026-49194 — Acer Connect_m6e_5g_firmware: The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-49191 — Acer Connect_m6e_5g_firmware: The production build of the M3WebServer hard-codes its backend API keys, which can be
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-49190 — Acer Connect_m6e_5g_firmware: The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
FSB’s matryoshka #3/3 – Gamaredon’s gifts that keeps unpacking – GammaSteel
Sekoia.io·sekoia.ioin the wild
Sekoia.io's third report in their Gamaredon trilogy documents GammaSteel, the FSB-operated intrusion set's final-stage stealer payload targeting Ukrainian government and critical infrastructure. The malware operates fileless via PowerShell, leveraging Windows DPAPI encryption in the registry, and deploys three concurrent data-acquisition mechanisms: hourly filesystem scans, USB hardware event monitoring, and real-time file-change surveillance. Exfiltration routes through S3-compatible cloud storage (Tebi.io) with fallback to operator-controlled C2 and Dead Drop Resolvers, with local MD5-based deduplication to minimize network noise.
92
Edit Score
CVE-2026-49188 — Acer Connect_m6e_5g_firmware: The ai_cmd utility executes with full root permissions.
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-49186 — Acer Connect_m6e_5g_firmware: This allows any client to subscribe using wildcard characters (# or +) to enumerate
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-49185 — Acer Connect_m6e_5g_firmware: The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-41283 — OpenStack: Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed.
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials. CVSSv3.1 9.9 (CRITICAL)
9.9
CVSS v3.1
100
Edit Score