Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2026-0974 — Orderable: The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins, which can lead to Remote Code Execution. CVSSv3.1 8.8 (HIGH)
CVE-2026-0926 — Prodigy: The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and othe CVSSv3.1 9.8 (CRITICAL)
CVE-2026-0912 — Toret: The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for regi CVSSv3.1 8.8 (HIGH)
CVE-2026-24708 — OpenStack: An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected CVSSv3.1 8.2 (HIGH)
CVE-2025-14009 — Nltk Nltk: This allows attackers to craft malicious zip packages that, when downloaded and extracted by
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If CVSSv3.1 8.8 (HIGH)
CVE-2026-23230 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleavi CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile
Carelessness versus craftsmanship in cryptography
Trail of Bits disclosed widespread key/IV reuse vulnerabilities in popular AES libraries aes-js (850+ npm dependents, 700k+ repos) and pyaes (23k+ repos) caused by default IV of 0x00000000_00000000_00000000_00000001 in CTR mode. The vulnerability affects downstream projects including strongMan VPN Manager, where attackers with database access could recover RSA private keys and X.509 certificates in seconds, enabling impersonation and MITM attacks. strongSwan maintainer Tobias Brunner responded with immediate patching and migration tools; aes-js maintainer has ignored the issue since 2022.
CVE-2025-33073 — PoC Exploit for the NTLM reflection SMB flaw.
Public PoC exploit released for CVE-2025-33073, an NTLM reflection vulnerability in SMB that enables relay attacks against Windows systems. The exploit chains NTLM reflection with DNS coercion or LLMNR poisoning to achieve RCE as SYSTEM, with variants supporting LDAPS relay even when SMB signing is enabled through MIC bypass techniques.
STOP THE CAP: Making Entra ID Conditional Access Make Sense Offline
SpecterOps released CAPSlock, an offline Conditional Access policy (CAP) analysis tool for Microsoft Entra ID that enables red teamers and defenders to reason about policy enforcement without triggering sign-in artifacts. Built on ROADrecon exports, CAPSlock simulates sign-in scenarios, identifies policy gaps, and distinguishes between definitive and signal-dependent policy application to surface potential bypass paths.
CVE-2026-2616 — Beetel 777vr1_firmware: The manipulation leads to hard-coded credentials.
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH) · EPSS 55th percentile
CVE-2026-22208 — OpenS100: (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the pr CVSSv3.1 9.6 (CRITICAL) · EPSS 46th percentile
CVE-2025-7631 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection. This issue affects Tumeva Prime News Software: from v.1.0.1 before v1.0.2. CVSSv3.1 8.6 (HIGH) · EPSS 2th percentile
Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities
Trend Micro disclosed a spam campaign (December 2025–January 2026) that abused Atlassian Jira Cloud's trusted infrastructure and email systems to deliver targeted phishing and spam to government, corporate, and language-specific audiences. Attackers created disposable trial Jira instances, leveraged Jira Automation rules to send crafted emails from legitimate atlassian.net domains, and bypassed email security controls by exploiting SPF/DKIM compliance and inherent trust in SaaS notifications, ultimately redirecting victims to investment scams and online casinos via Keitaro TDS.
CVE-2026-2447 — Mozilla Firefox: Heap buffer overflow in libvpx.
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2. CVSSv3.1 8.8 (HIGH)
Nuclei Templates v10.3.9 – Release Notes
Nuclei Templates v10.3.9 release adds 182 new detection templates covering 116 CVEs, including critical RCE vulnerabilities in n8n, Laravel Livewire, BeyondTrust Remote Support, SolarWinds Web Help Desk, and multiple authentication bypass/SQL injection flaws. The release includes templates for both recent 2026 CVEs and historical vulnerabilities with public exploits, alongside bug fixes reducing false positives and negatives in existing detection logic.
PSFree — PSFree WebKit Exploit & Lapse Kernel Exploit For PS4 9.00 [WIP] By abc
PSFree is a public exploit toolkit combining a WebKit vulnerability chain with the Lapse kernel exploit for PS4 firmware 9.00, achieving ~80% stability. The repository includes payload delivery mechanisms, ROP gadgets, and kernel patches to bypass security controls and achieve code execution.
CVE-2026-1306 — Synth: The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible CVSSv3.1 9.8 (CRITICAL)
CVE-2026-2144 — Magic: The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_Code.png) in the publicly accessible WordPress uploads directory during the email sending process. The file is only deleted after wp_mail() completes, creating an exploitable race condition window. This makes it possible for unauthenticated CVSSv3.1 8.1 (HIGH)
v2.9.2
AzureHound v2.9.2 released with a bug fix addressing unmarshalling of wrapper structs. The update resolves a technical issue in the custom unmarshaller that was causing deserialization failures.
CVE-2026-26221 — Hyland: An attacker who can reach the service can send crafted .NET Remoting requests to
Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or CVSSv3.1 9.8 (CRITICAL)
CVE-2026-23112 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile
CVE-2026-1619 — Uni-yaz Flexcity: Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc.
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. CVSSv3.1 8.3 (HIGH) · EPSS 6th percentile
CVE-2026-1618 — Uni-yaz Flexcity: Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile
CVE-2025-14349 — Uni-yaz Flexcity: Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. CVSSv3.1 8.8 (HIGH) · EPSS 11th percentile
CVE-2025-14014 — Upload: Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Smart Panel: before 20251215. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile