Latest intel// live feed
CVE-2026-49185 — Acer Connect_m6e_5g_firmware: The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-41283 — OpenStack: Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed.
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials. CVSSv3.1 9.9 (CRITICAL)
CVE-2026-41010 — File: ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where
ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolated into a shell string: Bosh::Common::Exec.sh("tar -C #{job_dir} -xf #{job_tgz} 2>&1", :on_error => :return). Bosh::Common::Exec.sh executes via %x{#{command}} (bosh-co CVSSv3.1 8.2 (HIGH)
CVE-2026-41860 — CWE: CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH director or UAA and steal credentials. Affected versions: - BOSH: all versions prior to v282.1.9 (inclusive); fixed in v282.1.9 or later CVSSv3.1 8.8 (HIGH)
CVE-2026-41011 — PackagePersister: PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name
PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x{} — i.e., /bin/sh -c. No Shellwords.escape is applied. The Models::Package Sequel validation (VALID_ID = /^[-0-9A-Za-z_+.]+$/i) would reject the name, but in create_package (lines 74–79) the shell-o CVSSv3.1 8.2 (HIGH)
You do surprise me.exe: An unexpected executable in Hola Browser
Sophos X-Ops discovered me.exe, an undeclared crypto-miner executable, bundled with Hola Browser v1.251.91.0 during AppEsteem certification testing. The binary exhibited suspicious characteristics (obfuscation, unsigned, no timestamp, memory-write capability) and was inconsistently delivered across build channels, indicating a supply-chain integrity issue. Hola confirmed the compromise, halted the affected pipeline, engaged Sygnia for forensic investigation, and rebuilt their distribution infrastructure with enhanced code-signing and access controls.
"Practical Android Software Protection in the Wild" - An Appetizer
Quarkslab publishes a comprehensive survey of Android software protection techniques based on a PhD thesis analyzing 2.5 million apps. The research organizes anti-analysis defenses into four families: adversarial execution environment checks, anti-disassembly/decompilation, code/data obfuscation, and program loading abuse. Key findings show only ~4% of analyzed apps use protections, concentrated in finance/gaming categories, with significantly higher adoption (up to 40%) in Chinese app markets.
CVE-2026-46273 — Linux: In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for
In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS. Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stopping all traffic until manually reset. Implement ndo_features_check to disable GSO for packets with small MSS values. The network stack will perform software segmentation instead. T CVSSv3.1 8.6 (HIGH)
CVE-2026-46270 — Linux: In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix
In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed(). Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `power_supply` handle, means that the `power_supply` handle will be deallocated/unregistered _before_ the interrupt handler (since `devm_` naturally deallocates in reverse allocation order). This means that during removal, there is a rac CVSSv3.1 8.4 (HIGH)
CVE-2026-46266 — Linux: In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using
In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP. Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous. `socket(AF_INET, SOCK_RAW, 255);` A malicious incoming ICMP packet can set the protocol field to 255 and match this socket, leading to FNHE cache changes. inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST") pkt = IP(src="192.168.1. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-46264 — Linux: This may lead to errors like: [ ] kobject: '(null)' (ff110001393608e0): is not initialized
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization. In case of devm_add_action_or_reset() failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: [ ] kobject: '(null)' (ff110001393608e0): is not initialized, yet kobject_put() is being called. [ ] WARNING: lib/kobject.c:734 at kobject_put+0xd9/0x250, CPU#0: kworker/0:0/9 [ ] RIP: 0010:kobject_put+0xdf CVSSv3.1 8.8 (HIGH)
CVE-2026-46251 — Linux: This is apparent on a subsequent list_del on the prev if we enable CONFIG_DEBUG_LIST
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption. When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block group tree to the switch_commits list before calling switch_commit_roots, as we do for the tree root and the chunk root. However, the block group tree uses normal root dirty tracking and in any transaction that does an allocation and dirties a block group, the block group root wil CVSSv3.1 8.4 (HIGH)
CVE-2026-46244 — Linux: This creates a desync between inner_thoff (wrong — points to extension header start) and
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync. In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing all extension headers, but the result is immediately overwritten with nhoff + sizeof(_ip6h) (40 bytes), which only accounts for the IPv6 base header. This creates a desync between inner_thoff (wrong — points to extension he CVSSv3.1 9.1 (CRITICAL)
CVE-2026-36608 — Mercusys: AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the internet with a single SOAP request. CVSSv3.1 8.8 (HIGH)
CVE-2026-36607 — Mercusys: AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to the login endpoint (code=7). An attacker on the adjacent network can attempt unlimited passwords without triggering account lockout. CVSSv3.1 8.8 (HIGH)
CVE-2026-36603 — Mercusys: AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary port forwarding rules and access WAN traffic statistics. CVSSv3.1 8.1 (HIGH)
CVE-2026-20230 — Cisco: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A succes CVSSv3.1 8.6 (HIGH)
CVE-2026-36748 — RockRMS: v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. CVSSv3.1 9.0 (CRITICAL)
CVE-2026-36576 — An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5241 — LightGlue: A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when loading a LightGlue model using `AutoModel.from_pretrained()` with `trust_remote_c CVSSv3.1 8.0 (HIGH)
CVE-2026-35085 — A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. CVSSv3.1 8.8 (HIGH)
CVE-2026-35084 — A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. CVSSv3.1 8.8 (HIGH)
CVE-2026-35083 — A remote attacker with user privileges can exploit a stack buffer overflow to gain
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. CVSSv3.1 8.8 (HIGH)
CVE-2026-35082 — The ugw-logread method allows a remote attacker with user privileges to access arbitrary local
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. CVSSv3.1 8.8 (HIGH)
CVE-2026-35081 — The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. CVSSv3.1 8.1 (HIGH)