Off By !: Exploiting a Use-after-Free in the Linux Kernel
Exodus Intelligence disclosed a use-after-free vulnerability (CVE-2026-23111) in the Linux kernel's nftables subsystem affecting the pipapo set implementation. The flaw exists in the nft_map_catchall_activate() function which incorrectly skips deactivated catchall elements during abort processing, leaving reference counters in an inconsistent state. This enables local privilege escalation from unprivileged user to root on Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS; the vulnerability was patched upstream on 5 February 2026.
CVE-2026-50751 — A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. CVSSv3.1 9.3 (CRITICAL)
CVE-2026-11504 — Tenda: Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow.
A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-11503 — Such manipulation of the argument ssid leads to stack-based buffer overflow.
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-41724 — VMware: Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. CVSSv3.1 8.0 (HIGH)
CVE-2026-41723 — VMware: Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. CVSSv3.1 8.0 (HIGH)
CVE-2026-41722 — VMware: Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. CVSSv3.1 8.0 (HIGH)
CVE-2026-11499 — Tenda: Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow.
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed remotely. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-11498 — Tenda: Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow.
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack can be carried out remotely. CVSSv3.1 8.8 (HIGH)
CVE-2024-58349 — WordPress: Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-58348 — WordPress: Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-54352 — WordPress: Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. CVSSv3.1 9.8 (CRITICAL)
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
WinRAR path-traversal vulnerability CVE-2025-8088 (CVSS 8.4), patched in July 2025, continues to be actively exploited by multiple Russia-aligned threat actors including SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon) against Ukrainian targets through April 2026. The flaw exploits NTFS Alternate Data Streams to silently write files outside extraction directories, enabling initial access via email-delivered RAR archives with decoy documents. SHADOW-EARTH-066 has evolved from basic Excel macro droppers with plaintext Telegram exfiltration to sophisticated WinRAR exploit chains delivering an updated GIFTEDCROOK information stealer with in-memory DLL loading, dual-layer RC4 encryption, Chrome App-Bound Encryption bypass, and dedicated C&C infrastructure.
CVE-2026-26422 — clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. CVSSv3.1 8.4 (HIGH)
CVE-2026-11413 — The manipulation leads to stack-based buffer overflow.
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)
CVE-2026-7654 — Admin: The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serial CVSSv3.1 8.8 (HIGH)
CVE-2026-11416 — MoviePilot: contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename normalization or path validation. An attacker who controls a filename returned by a remote cloud storage API can include traversal sequences ../ in the filename to cause downloaded conten CVSSv3.1 8.1 (HIGH)
CVE-2026-45758 — Guardrails: Those who installed version 0.10.1 should rotate any credentials accessible from their machine (GitHub
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security researchers identified the malicious package within approximately 2 hours of publication, and PyPI quarantined the repository. Based on our telemetry, Guardrails AI maintainers have CVSSv3.1 9.6 (CRITICAL)
CVE-2026-11401 — An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26 CVSSv3.1 8.0 (HIGH)
CVE-2026-11400 — An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1. CVSSv3.1 8.0 (HIGH)
CVE-2026-0257 | Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass Vulnerability | Active Exploitation
CVE-2026-0257 is a critical authentication bypass in Palo Alto Networks PAN-OS GlobalProtect portal/gateway that allows unauthenticated attackers to establish unauthorized VPN sessions by exploiting insufficient validation of authentication override cookies. The vulnerability affects PAN-OS 10.2, 11.1, 11.2, and 12.1 branches, with active exploitation confirmed since May 17, 2026, and inclusion in CISA's KEV catalog. Patches are available across all affected branches.
CVE-2026-5415 — Captcha: The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool() AJAX handler relying solely on a nonce check (check_ajax_referer) for security without performing any capability check, combined with the create_temporary_link tool allowing the generation of passwordless login links for arbitrary user CVSSv3.1 8.8 (HIGH)
CVE-2026-5411 — Captcha: The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the save_ajax() function of the licensing module, combined with unrestricted file extraction in sync_cloud_protection(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary CVSSv3.1 8.8 (HIGH)
CVE-2026-46392 — HAX: CMS helps manage microsite universe with PHP or NodeJs backends.
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML files is case-sensitive. An HTML file uploaded with an uppercase extension (`.HTML`, `.Html`, `.HTM`) is still served as `text/html` but the forced-download header never applies, CVSSv3.1 8.7 (HIGH)
CVE-2026-46389 — UDS: Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed
UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes-secret` Keycloak client authenticator (shipped by `uds-identity-config` and consumed by UDS Core) causes the submitted `client_secret` to be overwritten with the mounted Kubernetes secret before comparison. An attacker who can reach the Keycloak token endpoin CVSSv3.1 10.0 (CRITICAL)