2026-04-21
2026-04-21 22:39Z
HIGH

Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025

Synacktiv·synacktiv.com

Synacktiv's comprehensive Wi-Fi penetration testing guide covers attack vectors from open networks through WEP and WPA2 PSK, detailing real-world exploitation techniques including LLMNR/mDNS poisoning, deauthentication attacks, evil-twin MitM, and cryptographic weaknesses. The article demonstrates practical attacks against legacy and modern Wi-Fi protocols, with case studies from actual penetration tests showing how credential harvesting and network compromise remain viable despite protocol maturity.

TAC: TA0001 · SRF: Network · TAC: TA0006 · TYP: Research · TYP: Writeup · STG: Discovery · STG: Initial Access · STG: Cred Access
68
Edit Score
2026-04-21
2026-04-21 22:39Z
CRIT

Livewire: remote command execution through unmarshaling

Synacktiv·synacktiv.com

Synacktiv disclosed a critical pre-authenticated remote code execution vulnerability in Livewire, a popular Laravel full-stack framework used in 130K+ public instances. The vulnerability exploits Livewire's hydration mechanism through malicious synthesizers injected via the updates field, bypassing checksum validation through PHP's loose typing and recursive array handling. Attackers can instantiate arbitrary objects and chain gadgets (GuzzleHttp\Psr7\FnStream, League\Flysystem utilities) to achieve stealthy command execution without knowledge of the application's APP_KEY.

SRF: Application · TAC: TA0002 · SRF: Web · TAC: TA0003 · VND: Laravel · VND: Livewire · TYP: Research · TYP: Writeup
92
Edit Score
2026-04-21
2026-04-21 22:16Z
HIGH

CVE-2026-6832 — Get-hermes Hermes_web_ui: Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidated session identifiers to construct paths that bypass the SESSION_DIR boundary and delete writable JSON files on the host system. CVSSv3.1 8.1 (HIGH) · EPSS 31st percentile

CWE: CWE 22 · VND: Get Hermes · VND: Hermes · TYP: Vulnerability
8.1
CVSS v3.1
91
Edit Score
2026-04-21
2026-04-21 22:16Z
CRIT

CVE-2026-40933 — Flowiseai Flowise: Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in http://localhost:3000/canvas - where any user can add a new MCP, when doing so - adding a new MCP usin CVSSv3.1 9.9 (CRITICAL)

CWE: CWE 78 · VND: Flowiseai · VND: Flowise · TYP: Vulnerability
9.9
CVSS v3.1
100
Edit Score
2026-04-21
2026-04-21 22:16Z
HIGH

CVE-2026-40931 — Node-modules Compressing: Physical" divergence, an attacker can bypass the security check using a Directory Poisoning technique

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40931

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fails to account for the actual filesystem state. By exploiting this "Logical vs. Physical" divergence, an attacker can bypass the security check using a Directory Poisoning technique CVSSv3.1 8.4 (HIGH)

CWE: CWE 59 · VND: Node Modules · VND: Compressing · TYP: Vulnerability
8.4
CVSS v3.1
92
Edit Score
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-6823 — Hkuds Openharness: Attackers who can reach the configured channel can bypass access controls and reach host-backed

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6823

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools. CVSSv3.1 8.2 (HIGH) · EPSS 26th percentile

CWE: CWE 276 · VND: Hkuds · TYP: Vulnerability
8.2
CVSS v3.1
91
Edit Score
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-40925 — Wwbn Avideo: In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40925

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isAdmin()`. It does not call `forbidIfIsUntrustedRequest()`, does not verify a `globalToken`, and does not validate the Origin/Referer header. Because AVideo intentionally sets `session.cookie_samesite=None` to support cross-origin ifra CVSSv3.1 8.3 (HIGH) · EPSS 4th percentile

CWE: CWE 352 · VND: Wwbn · TYP: Vulnerability
8.3
CVSS v3.1
92
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-40911 — Wwbn Avideo: In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40911

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains two `eval()` sinks fed directly by those relayed fields (`json.msg.autoEvalCodeOnHTML` at line 568 and `json.callback` at line 95). Because tokens are minted for anonymous visitors and n CVSSv3.1 10.0 (CRITICAL) · EPSS 37th percentile

CWE: CWE 94 · VND: Wwbn · TYP: Vulnerability
10.0
CVSS v3.1
100
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-40906 — Electric Sync-service: From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40906

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORDER BY expressions. This vulnerability is fixed in 1.5.0. CVSSv3.1 9.9 (CRITICAL) · EPSS 10th percentile

CWE: CWE 89 · VND: Electric · TYP: Vulnerability
9.9
CVSS v3.1
100
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-40892 — Pjsip Pjsip: In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 121 · VND: Pjsip · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-34309 — Oracle Peoplesoft_enterprise_peopletools: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34309

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessib CVSSv3.1 8.1 (HIGH)

CWE: CWE 284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
8.1
CVSS v3.1
91
Edit Score
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-34291 — Oracle Http_server: Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34291

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthor CVSSv3.1 8.7 (HIGH)

CWE: CWE 284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
8.7
CVSS v3.1
94
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34287 — Oracle Identity_manager_connector: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34287

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector CVSSv3.1 9.1 (CRITICAL)

CWE: CWE 284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34286 — Oracle Identity_manager_connector: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34286

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector CVSSv3.1 9.1 (CRITICAL)

CWE: CWE 306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34285 — Oracle Identity_manager_connector: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34285

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector CVSSv3.1 9.1 (CRITICAL)

CWE: CWE 306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34279 — Oracle Enterprise_manager_base_platform: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34279

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Su CVSSv3.1 9.1 (CRITICAL) · EPSS 12th percentile

CWE: CWE 306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34275 — Oracle Advanced_inbound_telephony: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34275

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integ CVSSv3.1 9.8 (CRITICAL) · EPSS 13th percentile

CWE: CWE 306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-33519 — Esri Portal_for_arcgis: An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33519

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE 266 · VND: Esri · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-33518 — Esri Portal_for_arcgis: An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE 266 · VND: Esri · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-21997 — Oracle Life_sciences_empirica_signal: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21997

Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences Empirica Signal. While the vulnerability is in Oracle Life Sciences Empirica Signal, attacks may significantly impact additional products (scope change). Successful at CVSSv3.1 8.5 (HIGH) · EPSS 8th percentile

CWE: CWE 284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
8.5
CVSS v3.1
93
Edit Score
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2025-70420 — Genesys Latitude: A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70420

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements. CVSSv3.1 8.8 (HIGH) · EPSS 10th percentile

CWE: CWE 89 · VND: Genesys · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-04-21
2026-04-21 20:17Z
HIGH

CVE-2026-6819 — Hkuds Openharness: prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6819

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system. CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile

CWE: CWE 276 · VND: Hkuds · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-04-21
2026-04-21 20:17Z
HIGH

CVE-2026-40909 — Wwbn Avideo: An admin attacker (or any user who can CSRF an admin, since no CSRF

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40909

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path at line 30 without any sanitization. The `$_POST['code']` parameter is then written verbatim to that path via `fwrite()` at line 40. An admin attacker (or any user who can CSRF an admin, since no CSRF token is checked and cookies use `SameSite=None`) can traverse out of the `local CVSSv3.1 8.7 (HIGH)

CWE: CWE 22 · VND: Wwbn · TYP: Vulnerability
8.7
CVSS v3.1
94
Edit Score
2026-04-21
2026-04-21 20:17Z
CRIT

CVE-2026-40903 — Goshs Goshs: ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6. CVSSv3.1 9.1 (CRITICAL) · EPSS 12th percentile

CWE: CWE 829 · VND: Goshs · VND: Simplehttpserver · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-21
2026-04-21 20:17Z
HIGH

CVE-2026-40885 — Goshs Goshs: is a SimpleHTTPServer written in Go.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40885

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including Authorization. An unauthenticated observer can capture a victim's folder-specific basic-auth header and replay it to CVSSv3.1 8.8 (HIGH) · EPSS 21st percentile

CWE: CWE 200 · VND: Goshs · VND: Simplehttpserver · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score