Latest intel // live feed
CVE-2026-40434 — Anviz Crosschex_standard: CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. CVSSv3.1 8.1 (HIGH) · EPSS 7th percentile
CVE-2026-40342 — Firebirdsql Firebird: An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes imm CVSSv3.1 9.9 (CRITICAL) · EPSS 25th percentile
CVE-2026-40066 — Anviz Cx7_firmware: CX2 Lite and CX7 are vulnerable to unverified update packages that can be
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. CVSSv3.1 8.8 (HIGH) · EPSS 8th percentile
CVE-2026-35682 — Anviz Cx2_lite_firmware: CX2 Lite is vulnerable to an authenticated command injection via a filename parameter
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root-level access. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2026-35546 — Anviz Cx7_firmware: CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads.
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. CVSSv3.1 9.8 (CRITICAL) · EPSS 23rd percentile
CVE-2026-33516 — Neutrinolabs Xrdp: Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase.
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU. Successful exploitation could lead to a denial of service (process crash) or potential disclosure of sensitive information from th CVSSv3.1 9.1 (CRITICAL) · EPSS 40th percentile
CVE-2026-32623 — Neutrinolabs Xrdp: Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module.
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, pote CVSSv3.1 8.1 (HIGH) · EPSS 65th percentile
CVE-2026-32107 — Neutrinolabs Xrdp: This improper privilege management could allow an authenticated local attacker to escalate privileges to
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6. CVSSv3.1 8.8 (HIGH) · EPSS 2nd percentile
CVE-2026-40525 — Volcengine Openviking: prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstre CVSSv3.1 9.1 (CRITICAL) · EPSS 33rd percentile
CVE-2026-28224 — Firebirdsql Firebird: In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0 CVSSv3.1 8.2 (HIGH) · EPSS 26th percentile
CVE-2026-27890 — Firebirdsql Firebird: In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issu CVSSv3.1 8.2 (HIGH) · EPSS 26th percentile
Mythos Didn’t Break Cybersecurity. It Exposed What Was Already Broken.
Horizon3.ai's analysis of Mythos AI and similar vulnerability-discovery systems argues that the real cybersecurity gap is not vulnerability volume but the industry's inability to prioritize based on actual exploitability and attack-path impact. The piece contends that organizations are already overwhelmed with unremediable backlogs and that AI-accelerated vulnerability discovery merely exposes pre-existing structural failures in how risk is assessed and remediated.
CVE-2026-5718 — Drag: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default dangerous extension denylist instead of merging with it, and the wpcf7_antiscript_file_name() sanitization function being bypassed for filenames containing non-ASCII characters. This make CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-40516 — Hkuds Openharness: before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endp CVSSv3.1 8.3 (HIGH) · EPSS 11th percentile
v2.12.1-rc1: fix: BED-4600 - Add Request Timeout (#188)
AzureHound v2.12.1-rc1 release candidate adds request timeout handling to prevent indefinite hangs on failed API calls (BED-4600). This is a routine bug-fix release with no security vulnerabilities disclosed.
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Trail of Bits demonstrated a cryptographic proof forgery attack against Google's zero-knowledge proof of quantum circuit optimization by exploiting memory safety vulnerabilities in the SP1 zkVM prover's Rust implementation. The attack leveraged unsafe deserialization (rkyv access_unchecked) and register aliasing to bypass Toffoli gate counting and implement non-reversible quantum operations, producing a forged proof with 0 Toffoli gates vs. Google's 2.1M while maintaining correctness on elliptic curve point addition.
CVE-2025-15625 — Sparxsystems Pro_cloud_server: Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server
An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile
CVE-2026-23853 — Dell Powerprotect_dp_series_appliance: An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system. CVSSv3.1 8.4 (HIGH) · EPSS 2nd percentile
CVE-2026-3605 — Hashicorp Vault: An authenticated user with access to a kvv2 path through a policy containing a
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. CVSSv3.1 8.1 (HIGH) · EPSS 2nd percentile
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday
Microsoft released 163 patches across 17 product families in April 2026 Patch Tuesday, addressing 8 Critical-severity vulnerabilities and 154 Important-severity issues. Two vulnerabilities are actively exploited in the wild: CVE-2026-32201 (SharePoint spoofing) and CVE-2026-33825 (Defender EoP). The patch load includes 20 RCEs and 94 elevation-of-privilege vulnerabilities, with IKE (CVE-2026-33824, CVSS 9.8) and multiple Office RCEs requiring immediate attention.
v9.0.2-rc1
BloodHound v9.0.2-rc1 release candidate published with bug fixes for cipher support (BED-8029) and Azure post-processing failures with PostgreSQL (BED-8031). This is a pre-release version containing 4 commits since v9.0.1.
WerReportCreate API
Hexacorn documents the WerReportCreate API, a Windows error reporting mechanism used across native OS binaries and libraries. The research catalogs how various system components invoke this API with unique event names for diagnostic purposes, revealing the breadth of Windows error reporting infrastructure.
CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto
sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. CVSSv3.1 8.1 (HIGH) · EPSS 26th percentile
CVE-2026-33032: Nginx UI Missing MCP Authentication
CVE-2026-33032 is a critical missing authentication vulnerability (CVSS 9.8) in Nginx UI that allows unauthenticated attackers to access a Model Context Protocol (MCP) server capable of performing privileged operations on managed Nginx instances. The vulnerability is being actively exploited in the wild as part of a two-stage attack chain with CVE-2026-27944 (information leak), affecting versions 2.3.5 and below. Patched in version 2.3.6.
CVE-2026-27820 — Ruby-lang Zlib: Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capaci CVSSv3.1 9.8 (CRITICAL) · EPSS 2nd percentile