Latest intel // live feed
CVE-2025-62373 — Pipecat: This means that a malicious WebSocket client can send a crafted pickle payload to
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's `deserialize()` method uses Python's `pickle.loads()` on data received from WebSocket clients without any validation or sanitization. This means that a malicious W… · CVSSv3.1 9.8 (CRITICAL)
CVE-2025-50229 — Jizhicms: v2.5.4 is vulnerable to SQL injection in the product editing module.
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. · CVSSv3.1 9.8 (CRITICAL)
MSSQLHound Now Available in Go
SpecterOps released MSSQLHound in Go, a rewrite of the PowerShell MSSQL reconnaissance tool that dramatically improves performance (17 minutes to 17 seconds), adds cross-platform support, SOCKS proxying, NT hash/Kerberos authentication, and integrates with BloodHound's OpenGraph schema for attack path visualization. The Go version adds 7 new nodes and 37 new MSSQL attack path edges while maintaining feature parity with the original.
CVE-2026-33824: Remote Code Execution in Windows IKEv2
CVE-2026-33824 is a double-free vulnerability in Windows IKEv2 (IKEEXT.DLL) triggered during fragment reassembly when processing crafted IKE_SA_INIT and IKE_AUTH messages. An unauthenticated remote attacker can send malicious packets to UDP ports 500/4500 to achieve arbitrary code execution under SYSTEM context. Microsoft patched this in April 2026; detection requires correlating specific byte sequences across sequential IKE packets.
CVE-2026-41461 — SocialEngine: versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the
SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs including internal network addresses and loopback addresses to cause the server to issue HTTP requests to attacker-controlled destinations, enabling internal… · CVSSv3.1 8.5 (HIGH)
CVE-2026-41460 — SocialEngine: versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint
SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unauthorized access to the Packages Manager in the Admin Panel, potentially enabling… · CVSSv3.1 9.8 (CRITICAL)
CVE-2026-39440 — FunnelFormsPro: Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows
Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1. · CVSSv3.1 9.9 (CRITICAL)
Otto Support – An MCP, Agentic-AI Security Challenge
Bishop Fox released otto-support, a public CTF and vulnerable MCP (Model Context Protocol) server designed to teach AI agent security through hands-on exploitation. The challenge simulates real-world attack surfaces where AI assistants interact with tools, internal services, and local resources, requiring participants to escalate privileges, exfiltrate data, and execute code. The research contextualizes emerging MCP vulnerabilities including MCP Inspector's unauthenticated RCE (CVE-2025-49596) and OpenClaw's plaintext credential storage and prompt injection flaws.
Trailmark turns code into graphs
Trail of Bits open-sourced Trailmark, a code-to-graph library that parses source code into queryable call graphs with semantic metadata, exposing analysis through a Python API and eight Claude Code skills. The tool supports 17 languages and enables graph-based reasoning for mutation triage, test vector generation, protocol diagramming, and security-relevant code analysis—demonstrating practical applications in cryptographic library auditing.
CVE-2026-6887 — Borg: SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. · CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6886 — Borg: SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user. · CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6885 — Borg: SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. · CVSSv3.1 9.8 (CRITICAL)
CVE-2026-3960 — H2O-3: A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as s… · CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile
Say hi to Pike!
Synacktiv introduces Pike, an experimental LLM agent that analyzes Linux program execution traces captured via strace. The tool uses SQLite with FTS5 indexing to structure syscall data and exposes a SQL query interface to an LLM, enabling natural-language analysis of program behavior for debugging, malware identification, and security assessment.
CVE-2026-41230 — Froxlor: Froxlor is open source server administration software.
Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database, and are wri… · CVSSv3.1 8.5 (HIGH)
CVE-2026-41229 — Froxlor: Froxlor is open source server administration software.
Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::g… · CVSSv3.1 9.1 (CRITICAL)
CVE-2026-41228 — Froxlor: An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which
Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` constructs a file pat… · CVSSv3.1 9.9 (CRITICAL)
CVE-2026-3844 — Breeze: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default. · CVSSv3.1 9.8 (CRITICAL)
CVE-2026-41679 — Paperclip: Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against… · CVSSv3.1 10.0 (CRITICAL)
CVE-2026-41211 — Voidzero Vite+: Vite+ is a unified toolchain and entry point for web development.
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A caller can supply `../` segments or an absolute path to escape the `VP_HOME/package_manager/<pm>/` cache root and make Vite+ delete, replace, and populate directories outside the intended cache location. Version 0.1.17 contains a patch. · CVSSv3.1 10.0 (CRITICAL) · EPSS 3rd percentile
CVE-2026-41208 — Paperclip: Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an agent credential can escalate privileges from the agent runtime to the Paperclip server host. The vulnerability occurs because agents are allowed to updat… · CVSSv3.1 8.8 (HIGH)
CVE-2026-41196 — Luanti (formerly Minetest): Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially
Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the server-side mod, async and mapgen as well as the client-side (CSM) environments. This vulnerability is only exploitable when using LuaJIT. Version 5.15.2 contains a patch. On release… · CVSSv3.1 10.0 (CRITICAL) · EPSS 23rd percentile
CVE-2026-41179 — Rclone: Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command`… · CVSSv3.1 9.8 (CRITICAL) · EPSS 91st percentile
CVE-2026-41176 — Rclone: This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reach… · CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2026-29198 — Rocket.Chat: In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured. · CVSSv3.1 9.8 (CRITICAL)