Latest intel // live feed
CVE-2026-33940 — Handlebarsjs Handlebars: In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to `env.compile()`. Because the object is a valid Handlebars AST containing injected code CVSSv3.1 8.1 (HIGH)
CVE-2019-25651 — Ubiquiti: UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vu CVSSv3.1 8.3 (HIGH) · EPSS 1st percentile
darksword-kexploit — iOS <=26.0.1 DarkSword Kernel Exploit reimplemented in Objective-C
opa334 has published darksword-kexploit, an Objective-C reimplementation of a kernel exploit targeting iOS versions up to 26.0.1. The exploit appears to be a public proof-of-concept for kernel-level privilege escalation on Apple's mobile platform.
CVE-2026-34046 — Langflow Langflow: Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check — the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile
CVE-2026-33938 — Handlebarsjs Handlebars: provides the power necessary to let users build semantic templates.
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites `@partial-block` with a crafted Handlebars AST, a subsequent invocation of `{{> @partial-block}}` compiles and executes that AST, enabling arbitrary JavaScript execution o CVSSv3.1 8.1 (HIGH)
CVE-2026-33937 — Handlebarsjs Handlebars: An attacker who can supply a crafted AST to `compile()` can therefore inject and
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to `compile()` can therefore inject and execute arbitrary JavaScript, leading to Remote Code Execution on t CVSSv3.1 9.8 (CRITICAL)
CVE-2026-33879 — Aicentre Federated_learning_and_interoperability_platform: Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and
Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and credential-stuffing attacks. FLIP users are external to the organization, increasing credential reuse risk. As of the time of publication, it is unclear if a patch is available. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-33765 — Pi-hole Web_interface: Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter and concatenates it directly into a system command executed via PHP's exec() function. Since the input is neither sanitized nor validated before being passed to the shell, an atta CVSSv3.1 9.8 (CRITICAL)
CVE-2026-33654 — Nanobot Nanobot: Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions (and subsequently, system tools) without any interaction from the bot owner. By sending an email containing malicious prompts to the bot's monitored email address, the bot automatically polls, ingests, and processes th CVSSv3.1 9.8 (CRITICAL)
CVE-2026-34387 — Fleetdm Fleet: Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted software package. Version 4.81.1 patches the issue. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-34385 — Fleetdm Fleet: Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue. CVSSv3.1 8.1 (HIGH)
CVE-2026-28369 — Redhat Build_of_apache_camel_-_hawtio: Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized acti CVSSv3.1 8.7 (HIGH) · EPSS 15th percentile
CVE-2026-28368 — Redhat Build_of_apache_camel_-_hawtio: This vulnerability allows a remote attacker to construct specially crafted requests where header names
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources. CVSSv3.1 8.7 (HIGH) · EPSS 8th percentile
CVE-2026-28367 — Redhat Build_of_apache_camel_-_hawtio: This can be used for request smuggling with certain proxy servers, such as older
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests. CVSSv3.1 8.7 (HIGH)
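The three Undertow advisories above all come down to the same thing: one parser accepts a header block that another parser (an upstream proxy or load balancer) reads differently, and the gap between the two readings is where a smuggled request hides. The following Go program is an added example, not Undertow's or any proxy's code, of a strict header-block parser that fails closed on each construct the advisories name: a first field line that starts with whitespace, a field name containing non-token bytes such as a space, and a header block terminated by anything other than CRLF CRLF (including `\r\r\r`). RFC 9112 permits rejecting all three. `ParseHeaderBlock` takes the bytes that follow the request line's CRLF; the sample blocks in `main` are constructed, not captured traffic.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// HeaderField is one parsed field line.
type HeaderField struct {
	Name, Value string
}

// isTchar reports whether c is a token character permitted in a field name (RFC 9110 section 5.6.2).
func isTchar(c byte) bool {
	if c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' {
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", c) >= 0
}

// ParseHeaderBlock parses the bytes that follow the request line's CRLF and fails
// closed on every construct the advisories describe as parser-dependent:
//   - a first field line beginning with SP or HTAB (CVE-2026-28369)
//   - a field name containing non-token bytes such as a space (CVE-2026-28368)
//   - a header block ended by anything other than CRLF CRLF, e.g. "\r\r\r" (CVE-2026-28367)
// A bare CR or LF anywhere inside the block is rejected for the same reason.
func ParseHeaderBlock(raw []byte) ([]HeaderField, error) {
	if bytes.HasPrefix(raw, []byte("\r\n")) {
		return nil, nil // no header fields at all; the body starts immediately
	}
	end := bytes.Index(raw, []byte("\r\n\r\n"))
	if end < 0 {
		return nil, errors.New("header block is not terminated by CRLF CRLF")
	}
	block := raw[:end]
	for i, c := range block {
		if c == '\r' && (i+1 >= len(block) || block[i+1] != '\n') {
			return nil, fmt.Errorf("bare CR at offset %d", i)
		}
		if c == '\n' && (i == 0 || block[i-1] != '\r') {
			return nil, fmt.Errorf("bare LF at offset %d", i)
		}
	}
	var fields []HeaderField
	for i, line := range strings.Split(string(block), "\r\n") {
		if line == "" {
			return nil, fmt.Errorf("empty field line %d", i)
		}
		if line[0] == ' ' || line[0] == '\t' {
			if i == 0 {
				return nil, errors.New("first field line starts with whitespace")
			}
			return nil, fmt.Errorf("obsolete line folding at line %d", i)
		}
		colon := strings.IndexByte(line, ':')
		if colon <= 0 {
			return nil, fmt.Errorf("field line %d has no name before the colon", i)
		}
		name := line[:colon]
		for j := 0; j < len(name); j++ {
			if !isTchar(name[j]) {
				return nil, fmt.Errorf("field name %q contains non-token byte %q", name, name[j])
			}
		}
		fields = append(fields, HeaderField{Name: name, Value: strings.Trim(line[colon+1:], " \t")})
	}
	return fields, nil
}

func main() {
	// Constructed sample header blocks; none is a captured request.
	samples := []string{
		"Host: example.invalid\r\nContent-Length: 0\r\n\r\n",
		" Host: example.invalid\r\n\r\n",
		"Content Length: 0\r\nHost: example.invalid\r\n\r\n",
		"Host: example.invalid\r\r\r",
	}
	for _, s := range samples {
		fields, err := ParseHeaderBlock([]byte(s))
		fmt.Printf("%q -> %v, err=%v\n", s, fields, err)
	}
}
```

Dropping a request at the first parser that sees one of these constructs is the safe choice: a proxy that silently repairs the block (stripping the leading spaces, or accepting a stray CR as a line end) is exactly what lets the origin and the proxy disagree about where one request ends and the next begins.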
CVE-2026-4984 — Twilio: The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'.
The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization' header. An attacker can forge a webhook payload pointing to their own server and receive the victim's 'accountSID' and 'authToken' in plaintext (base64-encoded Basic Auth), leading t CVSSv3.1 8.2 (HIGH) · EPSS 13th percentile
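The fix for the class of bug described above is to refuse the payload before acting on anything inside it, and then to refuse to send credentials anywhere the payload points. The following Go handler is an added example, not the affected integration's code. It validates `X-Twilio-Signature` using Twilio's documented scheme (the full request URL, followed by every POST parameter name and value in sorted order, HMAC-SHA1 keyed with the auth token, base64-encoded), and only then considers `MediaUrlN`, which it fetches solely from `https://api.twilio.com`. The auth token, webhook URL, phone numbers and media path are constructed placeholders, and the host allowlist is this example's design choice rather than something the advisory prescribes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"sort"
	"strconv"
)

// twilioSignature implements Twilio's documented webhook signing scheme: the full
// request URL, then each POST parameter name immediately followed by its value in
// byte-wise sorted parameter order, HMAC-SHA1 keyed with the auth token, base64.
func twilioSignature(authToken, requestURL string, form map[string]string) string {
	keys := make([]string, 0, len(form))
	for k := range form {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	signed := requestURL
	for _, k := range keys {
		signed += k + form[k]
	}
	mac := hmac.New(sha1.New, []byte(authToken))
	mac.Write([]byte(signed))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// verifyTwilioSignature compares the X-Twilio-Signature header value with the
// expected value in constant time. An absent header is simply the empty string.
func verifyTwilioSignature(authToken, requestURL string, form map[string]string, header string) bool {
	expected := twilioSignature(authToken, requestURL, form)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(header)) == 1
}

// mediaURLAllowed decides whether a MediaUrlN value may be fetched with the
// integration's Basic-auth credentials attached. The allowlist (HTTPS to
// api.twilio.com, no userinfo) is an assumption of this example.
func mediaURLAllowed(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	return u.Scheme == "https" && u.Hostname() == "api.twilio.com" && u.User == nil
}

// mediaURLsToFetch is the hardened handler logic: reject unsigned or tampered
// payloads first, then return only media URLs that pass the allowlist, so the
// credentials never travel to a host the sender chose.
func mediaURLsToFetch(authToken, requestURL string, form map[string]string, header string) ([]string, error) {
	if !verifyTwilioSignature(authToken, requestURL, form, header) {
		return nil, errors.New("X-Twilio-Signature missing or invalid")
	}
	n, err := strconv.Atoi(form["NumMedia"])
	if err != nil || n < 0 {
		return nil, errors.New("NumMedia missing or not a number")
	}
	var urls []string
	for i := 0; i < n; i++ {
		raw, ok := form["MediaUrl"+strconv.Itoa(i)]
		if !ok {
			return nil, fmt.Errorf("MediaUrl%d missing", i)
		}
		if !mediaURLAllowed(raw) {
			return nil, fmt.Errorf("MediaUrl%d is not a Twilio media URL: %s", i, raw)
		}
		urls = append(urls, raw)
	}
	return urls, nil
}

func main() {
	// Constructed placeholders: not a real auth token, endpoint or message.
	authToken := "placeholder-auth-token"
	webhookURL := "https://example.invalid/webhooks/twilio/sms"

	// Forged payload: unsigned, with a media URL pointing at an attacker-controlled host.
	forged := map[string]string{
		"From": "+15005550006", "To": "+15005550001", "Body": "hi",
		"NumMedia": "1", "MediaUrl0": "https://attacker.invalid/capture.jpg",
	}
	_, err := mediaURLsToFetch(authToken, webhookURL, forged, "")
	fmt.Println("forged, unsigned:", err)

	// Even a correctly signed payload (only possible with the real token) must not
	// carry the credentials off-platform.
	_, err = mediaURLsToFetch(authToken, webhookURL, forged, twilioSignature(authToken, webhookURL, forged))
	fmt.Println("signed but off-platform media:", err)

	// Genuine-looking payload: signed, media hosted on api.twilio.com (placeholder path).
	genuine := map[string]string{
		"From": "+15005550006", "To": "+15005550001", "Body": "photo",
		"NumMedia":  "1",
		"MediaUrl0": "https://api.twilio.com/2010-04-01/Accounts/ACxxx/Messages/MMxxx/Media/MExxx",
	}
	urls, err := mediaURLsToFetch(authToken, webhookURL, genuine, twilioSignature(authToken, webhookURL, genuine))
	fmt.Println("genuine:", urls, err)
}
```

The request URL used for verification must be the one Twilio signed, i.e. the public URL including scheme, host and query string, so behind a TLS-terminating proxy the handler has to reconstruct it from the forwarded headers rather than from the internal listener address. The allowlist check is deliberately kept even for correctly signed payloads: signature validation proves the request came from Twilio, not that every URL inside it deserves the account's credentials.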
CVE-2026-33757 — Openbao Openbao: This allows an attacker to start an authentication request and perform "remote phishing" by
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the attacker. Despite being based on the authorization code flow, the `direct` mode calls back d CVSSv3.1 9.6 (CRITICAL)
CVE-2026-33433 — Traefik Traefik: Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated attacker can inject their own canonical version of that header to impersonate any identity to the backend. The backend receives two header entries — the attacker-injected canonical one is read first, overriding Traefik's non-canonical write. CVSSv3.1 8.8 (HIGH)
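The mechanics behind the two-entry problem are worth seeing in code, because they are a property of Go's `net/http` rather than of any one proxy. `http.Header` is a `map[string][]string`: its `Set`, `Get` and `Del` methods canonicalize the key through `textproto.CanonicalMIMEHeaderKey`, but a direct map assignment does not, so a non-canonical name written by assignment coexists with the canonical header the client sent, and a reader using `Header.Get` sees the client's value. The following Go program is an added example, not Traefik's code. The `headerField` value, the identity values and the in-process backend stand-in are assumptions for the example; a real backend would receive both field lines over the wire instead of reading the same map.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/textproto"
)

// headerField stands in for a proxy setting that names the header carrying the
// authenticated identity. It is deliberately spelled in non-canonical form.
// Assumed configuration value for this example, not Traefik's own code.
const headerField = "x-auth-user"

// checkHeaderFieldConfig returns the canonical form of a configured header name and
// whether the configured spelling already was canonical. A non-canonical spelling is
// the precondition for the two-entry problem demonstrated below.
func checkHeaderFieldConfig(name string) (string, bool) {
	canonical := textproto.CanonicalMIMEHeaderKey(name)
	return canonical, canonical == name
}

// buggyForwardIdentity writes the verified identity under the configured name
// exactly as spelled, as a direct map assignment does. Nothing canonicalizes the
// key, so any "X-Auth-User" the client sent survives as a separate entry.
func buggyForwardIdentity(h http.Header, user string) {
	h[headerField] = []string{user}
}

// fixedForwardIdentity canonicalizes the configured name, drops whatever the client
// supplied under it (and any stale non-canonical copy), then writes the proxy's
// value. Only one entry can reach the backend.
func fixedForwardIdentity(h http.Header, user string) {
	canonical := textproto.CanonicalMIMEHeaderKey(headerField)
	h.Del(canonical)       // Header.Del canonicalizes its argument
	delete(h, headerField) // raw map delete for the non-canonical spelling
	h.Set(canonical, user)
}

// backendIdentity models a Go backend reading the header: Header.Get canonicalizes
// its argument, so it returns the "X-Auth-User" entry and never the non-canonical one.
func backendIdentity(h http.Header) string {
	return h.Get(headerField)
}

// wireLines renders the header block as it would be serialized, so that both
// entries become visible.
func wireLines(h http.Header) string {
	var buf bytes.Buffer
	h.Write(&buf)
	return buf.String()
}

func main() {
	canonical, ok := checkHeaderFieldConfig(headerField)
	fmt.Printf("headerField %q canonical=%v (canonical form %q)\n", headerField, ok, canonical)

	// Constructed request: the client already carries a canonical X-Auth-User.
	req := http.Header{}
	req.Set("X-Auth-User", "admin")
	buggyForwardIdentity(req, "alice")
	fmt.Printf("buggy: backend sees %q from:\n%s", backendIdentity(req), wireLines(req))

	req = http.Header{}
	req.Set("X-Auth-User", "admin")
	fixedForwardIdentity(req, "alice")
	fmt.Printf("fixed: backend sees %q from:\n%s", backendIdentity(req), wireLines(req))
}
```

Two practical checks follow from this: validate identity-carrying header names at configuration load time (the `checkHeaderFieldConfig` step), and always delete the client-supplied header before writing the proxy's value, whatever spelling the configuration uses. Updating to the fixed Traefik versions listed above removes the need for the workaround, but the configuration check is cheap to keep.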
CVE-2026-27876 — Grafana Grafana: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable. Only instances in the following version ranges are affected: - 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11 CVSSv3.1 9.1 (CRITICAL) · EPSS 66th percentile
CVE-2026-22742 — Vmware Spring_ai: Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4. CVSSv3.1 8.6 (HIGH) · EPSS 18th percentile
CVE-2026-22738 — Vmware Spring_ai: In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 16th percentile
CVE-2026-33729 — Openfga Openfga: In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Users are affected if the model has relations which rely on condition evaluation and caching CVSSv3.1 9.8 (CRITICAL)
CVE-2026-33728 — Datadog Dd-trace-java: On JDK version 16 and earlier, an attacker with network access to a JMX
dd-trace-java is a Datadog APM client for Java. In dd-trace-java versions from 0.40.0 up to, but not including, 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnera CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile
CVE-2026-33701 — Linuxfoundation Opentelemetry_instrumentation_for_java: On JDK version 16 and earlier, an attacker with network access to a JMX
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditio CVSSv3.1 9.8 (CRITICAL)
CVE-2026-27893 — Vllm Vllm: This enables remote code execution via malicious model repositories even when the user has
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue. CVSSv3.1 8.8 (HIGH)
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
Elastic Security Labs disclosed BRUSHWORM and BRUSHLOGGER, two custom malware components targeting a South Asian financial institution. BRUSHWORM is a modular backdoor with USB worm propagation, scheduled task persistence, AES-encrypted configuration, and broad file theft capabilities; BRUSHLOGGER is a DLL side-loaded keylogger masquerading as libcurl.dll with system-wide keystroke capture and XOR-encrypted logs. Multiple development versions (V1.exe, V2.exe, etc.) were discovered on VirusTotal, indicating active refinement by an inexperienced threat actor.