Latest intel// live feed
CVE-2019-25701 — Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges. CVSSv3.1 8.4 (HIGH)
CVE-2019-25697 — CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials. CVSSv3.1 8.2 (HIGH)
CVE-2019-25695 — R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field. CVSSv3.1 8.4 (HIGH)
CVE-2019-25691 — Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets. CVSSv3.1 8.4 (HIGH)
CVE-2019-25689 — HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process. CVSSv3.1 8.4 (HIGH)
CVE-2018-25258 — RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution. CVSSv3.1 8.4 (HIGH)
CVE-2026-6124 — Tenda: Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow.
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. CVSSv3.1 8.8 (HIGH)
CVE-2026-6123 — Tenda: Performing a manipulation of the argument entrys results in stack-based buffer overflow.
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6122 — Such manipulation of the argument page leads to stack-based buffer overflow.
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6121 — This manipulation of the argument GO causes stack-based buffer overflow.
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
BYOVD — BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, C
BYOVD is a comprehensive Rust-based toolkit demonstrating Bring Your Own Vulnerable Driver (BYOVD) exploitation techniques to disable AV/EDR solutions. The repository contains 12+ proof-of-concept exploits targeting vulnerable kernel drivers from major security vendors, coupled with a detailed reverse-engineering methodology for x64 Windows drivers. Multiple CVEs are actively exploited in the wild by ransomware groups using derived tools like EDRKillShifter.
CVE-2026-6120 — Tenda: The manipulation of the argument page results in stack-based buffer overflow.
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-6116 — The manipulation of the argument ip leads to OS command injection.
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to OS command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6115 — Executing a manipulation of the argument enable can lead to OS command injection.
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to OS command injection. The attack may be launched remotely. The exploit has been published and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6114 — Totolink: Performing a manipulation of the argument proto results in OS command injection.
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in OS command injection. The attack may be initiated remotely. The exploit is now public and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6113 — Such manipulation of the argument ttyEnable leads to OS command injection.
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-6112 — This manipulation of the argument maxRtrAdvInterval causes OS command injection.
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes OS command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-1116 — Scripting: A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage`
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to acc CVSSv3.1 8.2 (HIGH)
CVE-2026-31845 — XSS: A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type restrictions. The vulnerable code is: if (isset($_GET['zd_echo'])) exit($_GET['zd_echo']); An unauthenticated attacker can exploit this is CVSSv3.1 9.3 (CRITICAL)
CVE-2026-34621 — Adobe Acrobat_dc: Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSSv3.1 8.6 (HIGH)
CVE-2026-5144 — BuddyPress: The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers who create their own group) to associate their group with any blog on the Multisit CVSSv3.1 8.8 (HIGH) · EPSS 6th percentile
CVE-2026-5059 — AWS: aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability.
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5058 — Command: aws-mcp-server Command Injection Remote Code Execution Vulnerability.
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnera CVSSv3.1 9.8 (CRITICAL)
CVE-2026-4149 — Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability.
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of CVSSv3.1 10.0 (CRITICAL)
CVE-2026-40189 — goshs: This results in a critical authorization bypass affecting confidentiality, integrity, and availability.
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload, create directories with ?mkdir, and delete files with ?delete inside a .goshs-protected directory. By deleting the .goshs fi CVSSv3.1 9.8 (CRITICAL)