Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2019-25674 — Victoralagwu Cmssite: 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perform time-based blind SQL injection attacks. CVSSv3.1 8.2 (HIGH)
CVE-2019-25673 — UniSharp: Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path. CVSSv3.1 8.8 (HIGH)
CVE-2019-25672 — Kartatopia Piluscart: 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information. CVSSv3.1 8.2 (HIGH)
CVE-2019-25671 — MAX: VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to execute commands as the apache user. CVSSv3.1 8.8 (HIGH)
CVE-2019-25670 — River: Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input. CVSSv3.1 8.4 (HIGH)
CVE-2019-25669 — Qdpm Qdpm: 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Attackers can send POST requests to the users endpoint with malicious search_by_extrafields[] values to trigger SQL syntax errors and extract database information. CVSSv3.1 8.2 (HIGH)
CVE-2019-25668 — News: Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information. CVSSv3.1 8.2 (HIGH)
CVE-2019-25662 — Montala Resourcespace: 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials. CVSSv3.1 8.2 (HIGH)
CVE-2019-25656 — R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode. CVSSv3.1 8.4 (HIGH)
CVE-2026-5567 — Executing a manipulation of the argument policyType can lead to buffer overflow.
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-5566 — UTT: Performing a manipulation of the argument NatBind results in buffer overflow.
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH) · EPSS 14th percentile
CVE-2026-5550 — Tenda: The manipulation leads to stack-based buffer overflow.
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected. CVSSv3.1 8.8 (HIGH)
CVE-2026-5548 — Tenda: Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow.
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely. CVSSv3.1 8.8 (HIGH)
CVE-2026-5544 — The manipulation of the argument Profile results in stack-based buffer overflow.
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. CVSSv3.1 8.8 (HIGH) · EPSS 14th percentile
CVE-2018-25255 — Strike: 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application. CVSSv3.1 8.4 (HIGH)
CVE-2018-25254 — NICO: NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode. CVSSv3.1 9.8 (CRITICAL)
CVE-2018-25251 — Snes9K: 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field
Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation. CVSSv3.1 8.4 (HIGH)
CVE-2016-20052 — Snewscms Snews: CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-3666 — Forum: The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and above, to delete arbitrary files on the server by embedding a crafted path traversal string in a forum post body and then deleting the post. CVSSv3.1 8.8 (HIGH) · EPSS 10th percentile
CVE-2026-4896 — WCFM: The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`, `delete_wcfm_article`, `delete_wcfm_product`, and the article management controller due to missing validation on user-supplied object IDs. This makes it possible for authenticated attackers, with Vendor- CVSSv3.1 8.1 (HIGH) · EPSS 2th percentile
CVE-2026-35616 — Fortinet Forticlientems: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-34780 — Electronjs Electron: From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects (from the WebCodecs API) across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain acces CVSSv3.1 8.3 (HIGH)
CVE-2026-34955 — Praison Praisonai: Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone executables, allowing trivial sandbox escape in STRICT mode via sh -c '<command>'. This issue has been patched in version 4.5.97. CVSSv3.1 8.8 (HIGH)
CVE-2026-34774 — Electron: Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affect CVSSv3.1 8.1 (HIGH)
CVE-2026-34954 — Praison Praisonaiagents: Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95. CVSSv3.1 8.6 (HIGH)