Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel // live feed
CVE-2026-30815 — TP-Link Archer AX53 firmware: An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration files, disclosure of sensitive information, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. CVSSv3.1 8.0 (HIGH)
CVE-2026-30814 — TP-Link Archer AX53 firmware: A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Bui CVSSv3.1 8.0 (HIGH)
CVE-2026-2942 — ProSolution: The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile
CVE-2026-20160 — Cisco: CVE-2026-20160 is a critical unauthenticated remote code execution vulnerability in Cisco Smart
CVE-2026-20160 is a critical unauthenticated remote code execution vulnerability in Cisco Smart Software Manager On-Prem (versions 9-202502 through 9-202510) caused by exposure of an internal API service. Successful exploitation grants root-level command execution on the underlying appliance with no authentication required and no workarounds available. Cisco released patches in version 9-202601 and later; Horizon3.ai released Rapid Response detection coverage on April 8, 2026.
CVE-2026-33466 — Logstash: Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesyst CVSSv3.1 8.1 (HIGH)
CVE-2025-52221 — Tenda AC6 firmware: AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-31017 — Frappe ERPNext: A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as <iframe> that reference external resources. The PDF rendering engine automatically fetches these resources on the server side. An attack CVSSv3.1 9.1 (CRITICAL)
CVE-2023-46945 — qd-today QD: QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request
QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request. CVSSv3.1 9.1 (CRITICAL)
Node.js Trust Falls: Dangerous Module Resolution on Windows
ZDI disclosed a systemic vulnerability in Node.js module resolution on Windows where the runtime searches C:\node_modules as a fallback path, allowing any low-privileged user to plant malicious modules that execute with the privileges of applications loading missing or optional dependencies. Two 0-day cases are documented: npm CLI (CVE-2026-0775, patched in v11.2.0) and Discord (CVE-2026-0776, unpatched), with evidence that MongoDB Compass, MongoDB Shell, and other Electron-based applications are similarly affected. Node.js maintainers explicitly reject this as a vulnerability, citing a "trust the filesystem" philosophy, while npm and Discord refuse to treat local-access exploits as valid security issues.
CVE-2026-33229 — XWiki Platform: Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of the whole instance. Note that script right already cons CVSSv3.1 9.8 (CRITICAL)
CVE-2026-31040 — stata-mcp: A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. CVSSv3.1 9.8 (CRITICAL)
Incident Response Remediation: How to Eliminate Attack Paths After a Breach
Horizon3.ai publishes a framework for post-incident remediation that distinguishes between incident containment and actual elimination of attack paths. The article argues most organizations fail remediation by treating ticket closure as resolution, overlooking identity risks, and skipping validation testing—allowing attackers to reuse the same compromise vectors. The framework emphasizes four key questions: initial access vector, persistence mechanisms, lateral movement paths, and validation through adversarial testing.
CVE-2026-39394 — CI4MS: The install routes have CSRF protection explicitly disabled, and the InstallFilter can be bypassed
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings(), which writes it into the .env file via preg_replace(). Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration directives into the .env CVSSv3.1 8.1 (HIGH)
CVE-2026-39393 — CI4MS: Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss (TTL expiry or admin-triggered cache clear), the guard fails open, allow CVSSv3.1 8.1 (HIGH)
FortiGate CVE-2025-59718 Exploitation: Incident Response Findings
Rapid7's IR team investigated a FortiGate CVE-2025-59718 exploitation incident where attackers bypassed SSO authentication to gain initial access, then established persistence through account creation and configuration modification before pivoting to internal systems. The attackers maintained low-profile activity for two weeks, downloading configurations, enabling SSL VPN, and creating administrative accounts before lateral movement via RDP and PsExec. The investigation demonstrates the importance of edge device visibility and backward-timeline reconstruction to identify the true initial access vector.
CVE-2026-5208 — CoolerControl: Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names. CVSSv3.1 8.2 (HIGH)
CVE-2026-3396 — WCAPF – WooCommerce Ajax Product Filter: The plugin is vulnerable to time-based SQL Injection via
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 7.5 (HIGH) · EPSS 95th percentile
CVE-2026-3243 — Advanced Members for ACF: The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability was partially patched CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile
CVE-2026-39640 — Theme Editor: Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile
CVE-2026-39621 — SpicePress: Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell
Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server. This issue affects SpicePress: from n/a through <= 2.3.2.5. CVSSv3.1 8.8 (HIGH) · EPSS 5th percentile
CVE-2026-39620 — Appointment: Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server. This issue affects Appointment: from n/a through <= 3.5.5. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile
CVE-2026-39619 — Busiprof: Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server. This issue affects Busiprof: from n/a through <= 2.5.2. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile
CVE-2026-39617 — Bluestreet: Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery. This
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery. This issue affects Bluestreet: from n/a through <= 1.7.3. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile
CVE-2026-39495 — Simply Schedule Appointments: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile
CVE-2026-39486 — Download Monitor: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8. CVSSv3.1 8.5 (HIGH) · EPSS 11th percentile