Latest intel// live feed
CVE-2026-4351 — Perfmatters: The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization check or nonce verification. The `$_GET['snippets'][]` values are passed unsanitized to `Snippet::activate()`/`Snippet::deactivate()` which call `Snippet::update()` then `file_put_contents()` with the … CVSSv3.1 8.1 (HIGH) · EPSS 19th percentile
CVE-2026-5995 — Totolink: Executing a manipulation of the argument lan_info can lead to OS command injection.
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to OS command injection. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5994 — Totolink: Performing a manipulation of the argument telnet_enabled results in OS command injection.
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in OS command injection. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5993 — Totolink: Such manipulation of the argument wifiOff leads to OS command injection.
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to OS command injection. The attack can be executed remotely. The exploit is publicly available and might be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5992 — Tenda: This manipulation of the argument page causes stack-based buffer overflow.
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. CVSSv3.1 8.8 (HIGH)
CVE-2026-5991 — Tenda: The manipulation of the argument GO results in stack-based buffer overflow.
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-5990 — Tenda: The manipulation of the argument page leads to stack-based buffer overflow.
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-5989 — Tenda: Executing a manipulation of the argument page can lead to stack-based buffer overflow.
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-5393 — wolfSSL: Dual-Algorithm CertificateVerify out-of-bounds read.
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when `--enable-experimental` and `--enable-dual-alg-certs` are used when building wolfSSL. CVSSv3.1 9.1 (CRITICAL) · EPSS 13th percentile
CVE-2026-5988 — Tenda: Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow.
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-5503 — wolfSSL: In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL.
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocatio… CVSSv3.1 9.1 (CRITICAL) · EPSS 17th percentile
CVE-2026-5295 — wolfSSL: A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in
A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) via XMEMCPY without first validating that the parsed OID length does not exceed MAX_OID_SZ. A crafted CMS EnvelopedData message with an ORI recipient containing a … CVSSv3.1 8.0 (HIGH) · EPSS 5th percentile
CVE-2026-34424 — Smart Slider 3 Pro: version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain … CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5984 — D-Link: The manipulation of the argument curTime leads to buffer overflow.
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack can be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)
CVE-2026-5983 — D-Link: Executing a manipulation of the argument curTime can lead to buffer overflow.
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)
CVE-2026-5982 — D-Link: Performing a manipulation of the argument curTime results in buffer overflow.
A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)
CVE-2026-5981 — D-Link: Such manipulation of the argument curTime leads to buffer overflow.
A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)
CVE-2026-5264 — wolfSSL: Heap buffer overflow in DTLS 1.3 ACK message processing.
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2026-40154 — PraisonAI: Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128. CVSSv3.1 9.3 (CRITICAL)
CVE-2026-40113 — PraisonAI: Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injec… CVSSv3.1 8.4 (HIGH)
CVE-2026-35645 — OpenClaw: before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope. CVSSv3.1 8.1 (HIGH)
CVE-2026-35639 — OpenClaw: before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure. CVSSv3.1 8.8 (HIGH)
CVE-2026-35638 — OpenClaw: before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements. CVSSv3.1 8.8 (HIGH)
CVE-2026-34512 — OpenClaw: before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route
OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions. CVSSv3.1 8.1 (HIGH)
CVE-2026-33785 — Junos OS: A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Secu… CVSSv3.1 8.8 (HIGH)