Latest intel // live feed
BloodHound 9.0 — Product Updates
SpecterOps released BloodHound 9.0, expanding attack path analysis beyond Active Directory to SaaS platforms including Okta, Jamf, and GitHub via OpenGraph extensions. The release introduces OpenHound (a standardized data collection framework), Environment Targeted Access Control (ETAC) for multi-tenant deployments, and improved graph visualization and query capabilities.
CVE-2026-6196 — Tenda: Performing a manipulation of the argument cmdinput results in stack-based buffer overflow.
A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6195 — Such manipulation of the argument admpass leads to os command injection.
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6194 — This manipulation of the argument wan-url causes stack-based buffer overflow.
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 8.8 (HIGH)
CVE-2026-6100 — Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used.
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a ` CVSSv3.1 8.1 (HIGH)
CVE-2026-32316 — jq: An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions.
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, resulting in a drastically undersized heap buffer. Subsequent memory copy operations then write the full string data into this undersized buffer, cau CVSSv3.1 8.2 (HIGH)
CVE-2026-28291 — simple-git: Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation.
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git's flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operat CVSSv3.1 8.1 (HIGH)
CVE-2026-6186 — The manipulation of the argument NatBind leads to buffer overflow.
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2025-69627 — Gonitro Nitro_pdf_pro: Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc().
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may proces CVSSv3.1 8.4 (HIGH)
v9.0.0
BloodHound v9.0.0 released with incremental feature additions and bug fixes including API key expiration support, OpenGraph extension management improvements, Azure ingestion enhancements, and UI/UX refinements across 40+ contributors.
CVE-2026-33858 — Apache Airflow: Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code.
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue. CVSSv3.1 8.8 (HIGH)
CVE-2026-31283 — Totara: In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address.
In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a hard control enforced via the flag PWRESET_STATUS_ALREADYSENT, and no further password-reset email messages are sent if this flag is active for a specific email address. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-31282 — Totara: LMS v19.1.5 and before is vulnerable to Incorrect Access Control.
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-31281 — Totara: LMS v19.1.5 and before is vulnerable to HTML Injection.
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in execution of the code, which may lead to session hijacking and executing commands in the victim's browser. NOTE: The supplier states that the product name is Totara Learning and that the functionality referenced is the in-app messaging client. They note that the in-app messaging client only has the abili CVSSv3.1 8.0 (HIGH) · EPSS 13th percentile
CVE-2026-1462 — Keras: A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`.
A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker- CVSSv3.1 8.8 (HIGH)
CVE-2026-31414 — Linux: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink path if userspace does not provide an explicit helper when creating an expectation to retain the existing behaviour. The ctnetlink expectation path holds the reference on th CVSSv3.1 9.8 (CRITICAL) · EPSS 9th percentile
CVE-2026-35337 — Apache Storm: Deserialization of Untrusted Data vulnerability in versions before 2.8.6.
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in bot CVSSv3.1 8.8 (HIGH)
JanelaRAT: a financial threat targeting users in Latin America
JanelaRAT is an active banking trojan targeting Latin American financial users, particularly in Brazil and Mexico, with 26,434 detected attacks in 2025. The malware evolved from BX RAT and employs multi-stage infection chains using MSI droppers, DLL sideloading, and custom C2 infrastructure with daily rotation via dynamic DNS. Version 33 introduces live banking session hijacking, credential harvesting overlays mimicking legitimate banking interfaces, keystroke injection, and anti-analysis evasion targeting banking security software.
CVE-2026-6168 — This manipulation of the argument ssid5g causes stack-based buffer overflow.
A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-5936 — An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations.
An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment. CVSSv3.1 8.5 (HIGH)
CVE-2026-5085 — Mcrawfor Solstice: Predictable session ids could allow an attacker to gain access to systems.
Solstice::Session versions through 1440 for Perl generate session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution. The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash references will contain pr CVSSv3.1 9.1 (CRITICAL)
CVE-2026-3830 — WordPress plugin: The Product Filter for WooCommerce by WBW plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement.
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. CVSSv3.1 8.6 (HIGH)
CVE-2026-25208 — Samsung Escargot: Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. CVSSv3.1 8.1 (HIGH)
CVE-2026-6157 — Totolink: The manipulation of the argument apcliSsid results in buffer overflow.
A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6156 — The manipulation of the argument Comment leads to os command injection.
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)