Latest intel // live feed
CVE-2026-3562 — Philips Hue_bridge_v2_firmware: Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability.
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass au CVSSv3.1 8.8 (HIGH) · EPSS 14th percentile
CVE-2026-3561 — Philips Hue_bridge_v2_firmware: Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability.
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the la CVSSv3.1 8.0 (HIGH) · EPSS 35th percentile
CVE-2026-3560 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability.
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile
CVE-2026-3559 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability.
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from CVSSv3.1 8.1 (HIGH) · EPSS 30th percentile
CVE-2026-3558 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability.
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authenticatio CVSSv3.1 8.1 (HIGH) · EPSS 30th percentile
CVE-2026-3557 — Philips Hue_bridge_v2_firmware: Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens CVSSv3.1 8.0 (HIGH) · EPSS 41st percentile
CVE-2026-3556 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability.
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fix CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile
CVE-2026-3555 — Philips Hue_bridge_v2_firmware: Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. CVSSv3.1 8.0 (HIGH) · EPSS 19th percentile
CVE-2026-3085 — Gstreamer Gstreamer: rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability.
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-suppl CVSSv3.1 8.8 (HIGH)
CVE-2026-3083 — Gstreamer Gstreamer: rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability.
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payload elements. When parsing the packetid element, the process does not properly validate user- CVSSv3.1 8.8 (HIGH)
CVE-2026-32640 — Danthedeckie Simpleeval: Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. The latest version 1.0.5 has t CVSSv3.1 9.8 (CRITICAL)
CVE-2026-32635 — Angular Angular_cli: Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalizati CVSSv3.1 9.0 (CRITICAL) · EPSS 18th percentile
CVE-2026-32621 — Apollo: Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target prototype-inheritable properties. Alternatively, CVSSv3.1 9.9 (CRITICAL) · EPSS 11th percentile
CVE-2026-25083 — GROWI: OpenAI thread/message API endpoints do not perform authorization.
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper with the other user's threads/messages. CVSSv3.1 8.3 (HIGH) · EPSS 5th percentile
CVE-2025-14287 — Lfprojects Mlflow: A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py`
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then executed using `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. The iss CVSSv3.1 8.8 (HIGH)
CVE-2017-20224 — Telesquare Sdt-cs3b1_firmware: SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-20223 — Telesquare Sdt-cs3b1_firmware: SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-20030 — ZKTeco: ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses. CVSSv3.1 9.8 (CRITICAL) · EPSS 13th percentile
CVE-2016-20026 — ZKTeco: ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 23rd percentile
CVE-2016-20025 — ZKTeco: ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation. CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile
CVE-2016-20024 — ZKTeco: ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation. CVSSv3.1 9.8 (CRITICAL) · EPSS 9th percentile
Nuclei Templates v10.4.0 – Release Notes
Nuclei Templates v10.4.0 release adds 94 new templates covering 47 CVEs, including critical RCE vulnerabilities in Qwik, Langflow, Group-Office, and SPIP, plus authentication bypasses in Ivanti, SolarWinds Web Help Desk, and Four-Faith devices. The release includes significant bug fixes reducing false positives and negatives across multiple templates, with enriched metadata and improved detection logic.
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
Trend Micro documents an enhanced Warlock ransomware campaign exploiting unpatched Microsoft SharePoint servers with a significantly expanded post-exploitation toolkit including TightVNC for persistent remote access, Yuze for SOCKS5 tunneling, and a BYOVD technique leveraging the NSec driver to disable security products at kernel level. The group maintains redundant C&C channels via Velociraptor, VS Code tunnels, and Cloudflare Tunnel, conducts DCSync attacks for credential theft, and deploys ransomware via GPO to achieve rapid enterprise-wide encryption.
CVE-2026-4092 — Google Clasp: Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform
Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. CVSSv3.1 8.8 (HIGH)
CVE-2026-3999 — Pointsharp Id_server: A broken access control may allow an authenticated user to perform a horizontal privilege
A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations. CVSSv3.1 8.8 (HIGH) · EPSS 5th percentile