Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2026-5871 — Google Chrome: Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5870 — Google Chrome: Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5868 — Google Chrome: Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5866 — Google Chrome: Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5865 — Google Chrome: Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5863 — Google Chrome: Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5862 — Google Chrome: Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5861 — Google Chrome: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5860 — Google Chrome: Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5859 — Google Chrome: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
CVE-2026-5858 — Google Chrome: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
CVE-2026-40035 — Unfurl: through 2025.08 contains an improper input validation vulnerability in config parsing that enables
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution. CVSSv3.1 9.1 (CRITICAL)
Tearing down a car telematic unit (and finding an accident on Facebook)
Quarkslab researchers performed a physical teardown and firmware extraction of a BYD vehicle telematic unit (TCU) containing a Qualcomm MDM9628 modem. Analysis of the extracted filesystem revealed cleartext Wi-Fi credentials, unauthenticated guest access, enabled debugging interfaces (ADB, Telnet), and forensic GNSS logs that reconstructed the vehicle's complete journey across three countries and correlated to a real accident via OSINT.
kernel-hack-drill — Linux kernel exploitation experiments
kernel-hack-drill is an open-source Linux kernel exploitation playground providing intentionally vulnerable kernel modules and corresponding proof-of-concept exploits. The repository demonstrates fundamental kernel exploitation techniques including use-after-free (UAF), out-of-bounds writes, and privilege escalation via ROP chains, Dirty Pipe, and page table manipulation on x86_64 systems.
v9.0.0-rc3
BloodHound v9.0.0-rc3 release candidate published with bug fixes and feature updates including auditor permission bypass fix (BED-7764), UI alignment corrections, and client bearer auth feature flag enablement. This is a pre-release version in the v9.0.0 development cycle.
CVE-2026-5436 — Form: The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() function, which uses WordPress's path_join() — a function that returns absolute paths unchanged, discarding the intended base directory. The attacker-controlled key is injected via the mwf_upload_files[] POST parameter, which is loaded CVSSv3.1 8.1 (HIGH) · EPSS 47th percentile
CVE-2026-39892 — Cryptography.io Cryptography: Hash.update()), this could lead to buffer overflows.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-39891 — PraisonAI: Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions in the input are executed rather than treated as literal text. This vulnerability is fixed in 4.5.115. CVSSv3.1 8.8 (HIGH)
CVE-2026-39890 — PraisonAI: This allows an attacker to craft a malicious YAML file that, when parsed, executes
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (R CVSSv3.1 9.8 (CRITICAL)
CVE-2026-39888 — PraisonAI: Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in
PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper (blocked_attrs of python_tools.py) contains only 11 attribute names — a strict subset of the 30+ names blocked in the direct-execution path. The four attributes that CVSSv3.1 9.9 (CRITICAL)
CVE-2026-39860 — Nix: In multi-user installations, this allows all users able to submit builds to the Nix
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds - sandboxed macOS builds are unaffected. The location of the temporary output used for the output copy was lo CVSSv3.1 9.0 (CRITICAL)
CVE-2026-39429 — Kubernetes: This allows anyone who can access the root shard to read and write to
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3. CVSSv3.1 8.2 (HIGH)
CVE-2026-35478 — InvenTree: From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST /api/user/tokens/ request. The returned token is immediately usable for full API authentication as the target user, from any network location, with no further interaction required. Th CVSSv3.1 8.3 (HIGH)
CVE-2026-35169 — LORIS: From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sanitize some user supplied variables which could result in a reflected cross-site scripting attack if a user is tricked into following an invalid link. The same input vector could also allow an attacker to download arbitrary markdown fi CVSSv3.1 8.7 (HIGH)
CVE-2026-30818 — Tp-link Archer_ax53_firmware: An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. CVSSv3.1 8.0 (HIGH)