Latest intel// live feed
CVE-2026-40313 — PraisonAI: In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) into the .git/config file for persistence, and if any subsequent workflow step uploads artifacts (build outputs, logs, test results, etc.), CVSSv3.1 9.1 (CRITICAL)
CVE-2026-40289 — PraisonAI: In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endpoint. The server binds to 0.0.0.0 by default and only validates the Origin header when one is present, meaning any non-browser client that omits the header is accepted without rest CVSSv3.1 9.1 (CRITICAL)
CVE-2026-40288 — PraisonAI: In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run <file.yaml> loads a YAML file with type: job, the JobWorkflowExecutor in job_workflow.py processes steps that support run: (shell commands via subprocess.run()), script: (inline Python via exec()), and python: (arbitrary Python script e CVSSv3.1 9.8 (CRITICAL)
CVE-2026-40287 — PraisonAI: Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()), and CLI tool-loading paths blindly import ./tools.py at startup without any validation, sandboxing, or user confirmation. An attacker who can place a malicious tools.py in the dir CVSSv3.1 8.4 (HIGH)
CVE-2026-6264 — Talend: A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code
A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JM CVSSv3.1 9.8 (CRITICAL)
CVE-2026-4365 — LearnPress: The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. This makes it p CVSSv3.1 9.1 (CRITICAL)
CVE-2026-27681 — Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system. CVSSv3.1 9.9 (CRITICAL)
Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT
Elastic Security Labs disclosed a novel supply-chain attack leveraging Obsidian's legitimate community plugin ecosystem to deliver PhantomPulse, a previously undocumented AI-generated RAT. Threat actors conduct social engineering via LinkedIn and Telegram, posing as venture capital firms, to trick targets in financial/crypto sectors into enabling community plugin sync on a malicious Obsidian vault, triggering silent code execution via the Shell Commands plugin. The Windows attack chain employs multi-stage reflective loading with AES-256-CBC encryption, timer-queue callbacks, and blockchain-based C2 resolution via Ethereum transaction data; a critical weakness in the C2 mechanism allows third parties to hijack implants by submitting competing transactions to the monitored wallet.
CVE-2026-22564 — Access: An Improper Access Control vulnerability could allow a malicious actor with access to the
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-22563 — Input: A series of Improper Input Validation vulnerabilities could allow a Command Injection by a
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-22562 — A malicious actor with access to the UniFi Play network could exploit a Path
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. CVSSv3.1 9.8 (CRITICAL)
BSIM explained once and for all!
Quarkslab publishes a comprehensive technical deep-dive into Ghidra's BSIM (Behavioral Similarity) algorithm, reverse-engineering its previously undocumented internals. The post covers P-code lifting, normalization, Weisfeiler-Lehman graph hashing, TF-IDF weighting, and cosine similarity comparison used to identify semantically equivalent binary functions across compilers and architectures.
CVE-2026-31048 — An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary
An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message. CVSSv3.1 9.8 (CRITICAL) · EPSS 25th percentile
CVE-2026-6200 — Tenda: This manipulation of the argument menufacturer/Go causes stack-based buffer overflow.
A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. CVSSv3.1 8.8 (HIGH)
CVE-2026-6199 — Tenda: The manipulation of the argument page results in stack-based buffer overflow.
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6198 — The manipulation of the argument page leads to stack-based buffer overflow.
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6197 — Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow.
A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-40044 — Pachno: 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-40042 — Pachno: 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, comments, and wiki articles to trigger entity resolution via simplexml_load_string() without LIBXML_NONET restrictions. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-40040 — Pachno: 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload
Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files (.php5 scripts) to web-accessible directories and execute them to achieve remote code execution on the server. CVSSv3.1 8.8 (HIGH)
CVE-2026-29955 — Cloudark Kubeplus: The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with the `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value. CVSSv3.1 8.8 (HIGH) · EPSS 25th percentile
BloodHound 9.0 — Product Updates
SpecterOps released BloodHound 9.0, expanding attack path analysis beyond Active Directory to SaaS platforms including Okta, Jamf, and GitHub via OpenGraph extensions. The release introduces OpenHound (a standardized data collection framework), Environment Targeted Access Control (ETAC) for multi-tenant deployments, and improved graph visualization and query capabilities.
CVE-2026-6196 — Tenda: Performing a manipulation of the argument cmdinput results in stack-based buffer overflow.
A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6195 — Such manipulation of the argument admpass leads to OS command injection.
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to OS command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6194 — This manipulation of the argument wan-url causes stack-based buffer overflow.
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 8.8 (HIGH)