Latest intel // live feed
CVE-2026-35393 — Goshs Goshs: is a SimpleHTTPServer written in Go.
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-35392 — Goshs Goshs: is a SimpleHTTPServer written in Go.
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-35459 — In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery (SSRF) vulnerability.
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery (SSRF) vulnerability. The fix for CVE-2026-33992 added IP validation to BaseDownloader.download() that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are never validated against the SSRF filter. An au CVSSv3.1 9.1 (CRITICAL)
CVE-2026-35184 — EcclesiaCRM: Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-35182 — Ajax30 Bravecms: Prior to 2.0.6, this vulnerability is a missing authorization check found in the update
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6. CVSSv3.1 8.8 (HIGH)
CVE-2026-35022 — Anthropic: Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can inject shell metacharacters through parameters like apiKeyHelper, awsAuthRefresh, awsCredentialExport, and gcpAuthRefresh to execute arbitrary commands with the privileges of the user or automation environm CVSSv3.1 9.8 (CRITICAL)
CVE-2026-35020 — Anthropic: Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted by /bin/sh when the command lookup helper constructs and executes shell commands with shell=true. The vulnerability can be tri CVSSv3.1 8.4 (HIGH)
CVE-2025-54328 — Samsung Exynos_980_firmware: A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages. CVSSv3.1 10.0 (CRITICAL)
CVE-2026-35616 — Fortinet: Active exploitation in the wild was confirmed before public disclosure, with ~2,000
CVE-2026-35616 is a critical pre-authentication API access control bypass in Fortinet FortiClient EMS 7.4.5–7.4.6 enabling unauthenticated remote code execution. Active exploitation in the wild was confirmed before public disclosure, with ~2,000 internet-exposed instances identified. CISA added it to the KEV catalog with an April 9 remediation deadline for federal agencies.
CVE-2025-58349 — Samsung Exynos_990_firmware: Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes. CVSSv3.1 9.1 (CRITICAL)
AI Red Teaming Still Comes Back to Identity, Access, and Attack Paths
SpecterOps VP Russel Van Tuyl discusses AI red teaming methodology, arguing that enterprise AI risk stems primarily from familiar identity and access control failures rather than novel model exploits. The article emphasizes that AI systems amplify traditional attack paths by concentrating access, enabling token theft, OAuth abuse, and lateral movement across integrated platforms—with prompt injection being the main genuinely new attack vector, but still fundamentally a social engineering problem.
CVE-2026-35470 — Devcode Openstamanager: Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, inclu CVSSv3.1 8.8 (HIGH)
CVE-2026-35174 — Chyrplite Chyrp_lite: Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials and overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026 CVSSv3.1 9.1 (CRITICAL)
CVE-2026-35171 — Linuxfoundation Kedro: Prior to 1.3.0, Kedro allows the logging configuration file path to be set via
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup. This is a critical remote code execution (RCE) vulnerability cau CVSSv3.1 9.8 (CRITICAL)
CVE-2026-35164 — Ajax30 Bravecms: This allows an authenticated user to upload executable PHP scripts and gain Remote Code
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. This vulnerability is fixed in 2.0.6. CVSSv3.1 8.8 (HIGH)
CVE-2026-35050 — This allows Python files to be overwritten; for instance, the "download-model.py" file could be overwritten.
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows Python files to be overwritten; for instance, the "download-model.py" file could be overwritten. That Python file is then executed from the "Model" menu when a new model download is requested. This vulnerability is fixed in 4.1.1. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-35047 — Ajax30 Bravecms: Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-35045 — Tandoor Recipes: Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authenticated user
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by other users. This bypasses all object-level authorization checks enforced on standard single-recipe endpoints (PUT /api/recipe/{id}/), enabling forced exposure of private recipes, u CVSSv3.1 8.1 (HIGH)
CVE-2026-35044 — Bentoml Bentoml: Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code execut CVSSv3.1 8.8 (HIGH)
v9.0.0-rc1
BloodHound v9.0.0-rc1 released with numerous feature additions and bug fixes including OpenGraph extension management improvements, API key expiration support, JIT account opt-out functionality, and UI/UX enhancements across the graph visualization and reporting interfaces.
CVE-2026-35039 — JSON: From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not
fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to valid tokens returning claims from different valid tokens and users being mis-identified as other users based on the wrong token. Version 6.2.0 contains a patch. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-35030 — Litellm Litellm: Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a le CVSSv3.1 9.1 (CRITICAL)
CVE-2026-35029 — Litellm Litellm: A user who is already authenticated into the platform can then use this endpoint
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_L CVSSv3.1 8.8 (HIGH)
CVE-2026-34989 — Ci4-cms-erp Ci4ms: This stored payload is later rendered unsafely in multiple application views without proper output
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name (e.g., full name / username). An attacker can inject a malicious JavaScript payload into their profile name, which is then stored server-side. This stored payload is later rendered unsafely in multiple application vie CVSSv3.1 9.0 (CRITICAL) · EPSS 16th percentile
CVE-2026-34976 — Dgraph: An unauthenticated attacker can overwrite the entire database, read server-side files, and perform SSRF.
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts attacker-controlled backup source URLs (including file:// for local filesystem access), S3/MinIO credentials, encryption CVSSv3.1 10.0 (CRITICAL)