Latest intel // live feed
A Nerd's Life: Weeks of Firmware Teardown to Prove We Were Right
Quarkslab published a detailed firmware reverse-engineering writeup on a JieLi AC6958 smartwatch, documenting weeks of work to decrypt proprietary firmware sections, reverse-engineer the custom Pi32v2 CPU instruction set, and improve Ghidra support for the architecture. The researchers recovered an LFSR-based stream cipher key (0x170f), decrypted FAT filesystem partitions, and significantly extended the Pi32v2 processor module in Ghidra to enable full disassembly and decompilation of the watch's main application.
CVE-2025-70041 — oslabs-beta ThermaKube: use of hard-coded password (CWE-259)
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile
CVE-2025-70024 — benkeen generatedata: SQL injection (CWE-89) in generatedata 4.0.14
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile
CVE-2025-66956 — Asseco SEE Live: insecure access control in the Contact Plan, E-Mail, SMS and Fax components
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. CVSSv3.1 9.9 (CRITICAL) · EPSS 31st percentile
CVE-2019-25471 — Leefish File_thingie: arbitrary file upload via ZIP extraction through ft2.php in FileThingie 2.5.7
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and execute arbitrary commands through the extracted PHP files. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-20046 — Cisco Ios_xr: local privilege escalation via incorrect task group mapping of a CLI command in IOS XR Software
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful CVSSv3.1 8.8 (HIGH) · EPSS 4th percentile
CVE-2026-20040 — Cisco Ios_xr: root command execution via insufficient validation of CLI command arguments in IOS XR Software
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevat CVSSv3.1 8.8 (HIGH) · EPSS 7th percentile
CVE-2025-70082 — Lantronix Eds3016ps1ns_firmware: arbitrary code execution and information disclosure via the ltrx_evo component in EDS3000PS 3.1.0.0R2
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component. CVSSv3.1 9.8 (CRITICAL) · EPSS 39th percentile
CVE-2025-67041 — Lantronix Eds3016ps1ns_firmware: root command injection via the TFTP client host parameter in EDS3000PS 3.1.0.0R2
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2025-67039 — Lantronix Eds3016ps1ns_firmware: authentication bypass on management pages in EDS3000PS 3.1.0.0R2
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username. CVSSv3.1 9.1 (CRITICAL) · EPSS 30th percentile
CVE-2025-67038 — Lantronix Eds5032_firmware: unauthenticated root command injection via the username parameter in EDS5000 2.1.0.0R3
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write a log entry when a user's authentication fails. The username is concatenated directly into that command without any sanitization, which allows attackers to inject arbitrary OS commands via the username parameter. Injected commands are executed with root privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile
CVE-2025-67037 — Lantronix Eds5032_firmware: authenticated root command injection via the "tunnel" parameter in EDS5000 2.1.0.0R3
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges. CVSSv3.1 8.8 (HIGH) · EPSS 30th percentile
CVE-2025-67036 — Lantronix Eds5032_firmware: authenticated root command injection via the Log Info page file name parameter in EDS5000 2.1.0.0R3
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges. CVSSv3.1 8.8 (HIGH) · EPSS 30th percentile
CVE-2025-67035 — Lantronix Eds5032_firmware: multiple root command injections in the SSH Client and SSH Server pages of EDS5000 2.1.0.0R3
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2025-67034 — Lantronix Eds5032_firmware: authenticated root command injection via the "name" parameter when deleting SSL credentials in EDS5000 2.1.0.0R3
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile
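The EDS5000 entries above all describe one defect: a request parameter (username, tunnel, file name, object name) concatenated into a shell command that the device runs as root. The following C is an added illustration of that pattern beside a hardened version, not Lantronix firmware code; the command text, log path, function names and the attacker payload are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (what the advisories describe): the request parameter is
 * spliced verbatim into a command line that would be handed to system() as
 * root. This function only returns the command string, so the injected
 * "; reboot" is visible without anything being executed. Command text and
 * log path are assumptions for illustration. */
int build_log_cmd_vulnerable(const char *username, char *out, size_t outlen)
{
    int n = snprintf(out, outlen,
                     "echo \"auth failure for user %s\" >> /var/log/httpd_auth.log",
                     username);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allowlist check: only characters a legitimate username can contain.
 * Shell metacharacters (; | & $ ` " ' newline ...) are rejected outright
 * rather than escaped, because escaping rules differ between shells and
 * between the shell and the program it invokes. */
int username_is_safe(const char *username)
{
    size_t len = strlen(username);
    if (len == 0 || len > 32)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)username[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

/* Hardened pattern: validate, then produce the log line as plain data.
 * Returns 0 and fills `out` on success, -1 if the name is rejected or the
 * buffer is too small. No shell is involved anywhere. */
int format_auth_failure_line(const char *username, char *out, size_t outlen)
{
    if (!username_is_safe(username))
        return -1;
    int n = snprintf(out, outlen, "auth failure for user %s\n", username);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Hardened logger: the line goes to a FILE* the caller opened (the real log
 * file in firmware, stdout in this demo) through stdio, never a shell. A
 * rejected name is still recorded as an event, but its payload is dropped.
 * Returns 0 if logged, 1 if logged with the name rejected, -1 on I/O error. */
int log_auth_failure(FILE *log, const char *username)
{
    char line[128];
    if (format_auth_failure_line(username, line, sizeof line) != 0) {
        if (fputs("auth failure for user <rejected: invalid characters>\n", log) == EOF)
            return -1;
        return 1;
    }
    return fputs(line, log) == EOF ? -1 : 0;
}

int main(void)
{
    /* Constructed payload: closes the quoted string, runs reboot, reopens it. */
    const char *attacker = "admin\"; reboot; echo \"";
    char cmd[256];

    build_log_cmd_vulnerable(attacker, cmd, sizeof cmd);
    printf("command the vulnerable path would hand to the root shell:\n  %s\n", cmd);

    log_auth_failure(stdout, "alice_01");   /* normal user, logged as-is */
    log_auth_failure(stdout, attacker);     /* payload rejected, event kept */
    return 0;
}
```

If the firmware genuinely needs an external program (for example `logger`), the equivalent fix is fork plus execve with an argv array in which the username is a single argument, so the shell never parses it; the allowlist still belongs in front of that call, because the invoked program has its own option parsing.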
CVE-2026-31892 — Argoproj Argo_workflows: WorkflowTemplate security settings bypassed via podSpecPatch (2.9.0 to before 4.0.2 and 3.7.11)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin CVSSv3.1 8.1 (HIGH)
CVE-2026-28229 — Argoproj Argo_workflows: unauthenticated retrieval of WorkflowTemplates and ClusterWorkflowTemplates (before 4.0.2 and 3.7.11)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, the workflow template endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request carrying the literal header "Authorization: Bearer nothing" can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11. CVSSv3.1 9.8 (CRITICAL)
Emergent Architectural Leakage in Frontier Models: The Dual-Claude Phenomenon
SpecterOps researcher Max Andreacchi disclosed architectural details of Anthropic's Claude multi-agent system through social engineering and sycophancy exploitation. By leveraging Claude's tendency to agree with and mirror user statements, the researcher extracted information about a dual-Claude architecture, inter-instance communication mechanisms (window.claude.complete), JavaScript REPL sandboxing, and identified collaboration potential between isolated Claude instances that could exceed individual capabilities.
CVE-2026-30903 — Zoom Workplace_desktop: external control of file name or path in the Mail feature of Zoom Workplace for Windows before 6.6.0
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. CVSSv3.1 9.6 (CRITICAL) · EPSS 24th percentile
CVE-2025-67298 — Classroomio Classroomio: remote privilege escalation via /api/verify and /rest/v1/profile in ClassroomIO before 0.2.6
An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile. CVSSv3.1 8.1 (HIGH)
SUDO_KILLER — A tool for enumerating and exploiting sudo misconfigurations and known sudo vulnerabilities on Unix-like systems
SUDO_KILLER is a privilege escalation enumeration and exploitation framework targeting sudo misconfigurations and CVE-based weaknesses on Unix-like systems. The tool identifies dangerous sudo rules, GTFOBins abuse paths, vulnerable sudo versions, and environment variable exploits, then provides manual exploitation guidance and helper scripts for credential harvesting, user impersonation, and TTY injection attacks.
Six mistakes in ERC-4337 smart accounts
Trail of Bits identifies six recurring vulnerability patterns in ERC-4337 smart account implementations: incorrect access control on execute functions, incomplete signature validation of gas fields, dangerous state modification during validation, ERC-1271 replay attacks across accounts/chains, unsafe reliance on postOp reverts for fee recovery, and initialization race conditions in ERC-7702 delegated accounts. The post provides vulnerable and patched code examples for each pattern.
CVE-2026-31844 — Koha Koha: authenticated SQL injection via the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl in the staff interface
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and exposure of sensitive database information. Successful exploitation may lead to full CVSSv3.1 8.8 (HIGH) · EPSS 16th percentile
CVE-2026-27842 — MR-GM5L-S1 and MR-GM5A-L1: authentication bypass allowing device configuration changes
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. CVSSv3.1 9.8 (CRITICAL) · EPSS 32nd percentile
CVE-2026-24448 — MR-GM5L-S1 and MR-GM5A-L1: use of hard-coded credentials allowing administrative access
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile