Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-68519 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-68506 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03. CVSSv3.1 8.1 (HIGH)
CVE-2025-68696 — Jnunemaker Httparty: In versions 0.23.2 and prior, httparty is vulnerable to SSRF.
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd. CVSSv3.1 8.2 (HIGH) · EPSS 22th percentile
SpicyAD — SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines mult
SpicyAD is a new C# Active Directory penetration testing framework that consolidates enumeration, Kerberos attacks (kerberoasting, AS-REP roasting, targeted kerberoasting), ADCS exploitation (ESC1/ESC4), credential theft (shadow credentials, RBCD), and AD object manipulation into a single tool with both interactive and CLI modes. The tool supports domain-joined and non-domain-joined execution, in-memory reflection loading, and automatic attack chains.
Mapping Deception with BloodHound OpenGraph
SpecterOps published a comprehensive guide on using BloodHound OpenGraph and deception technologies to map and deploy high-fidelity deceptions across Active Directory and third-party systems. The article covers attack path analysis, the F4keH0und tool for identifying deception opportunities in AD, and introduces deceptionClone—a utility for modeling deceptions within OpenGraph graphs to ensure attackers discover and interact with deception artifacts contextually.
CVE-2025-67109 — Eclipse Cyclone_data_distribution_service: Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges. CVSSv3.1 10.0 (CRITICAL) · EPSS 22th percentile
CVE-2025-67108 — Eprosima Fast_dds: Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. CVSSv3.1 10.0 (CRITICAL) · EPSS 22th percentile
CVE-2025-65856 — Xiongmaitech Xm530v200_x6-weq_8m_firmware: Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenti
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2025-67418 — Oxygenz Clipbucket: 5.5.2 is affected by an improper access control issue where the product is
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile
CVE-2025-67288 — Umbraco Umbraco_cms: An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279. CVSSv3.1 10.0 (CRITICAL) · EPSS 39th percentile
CVE-2025-67289 — Frappe Erpnext: An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file. CVSSv3.1 9.6 (CRITICAL) · EPSS 35th percentile
deepce — Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
DEEPCE is a pure-shell Docker enumeration and container escape toolkit that performs reconnaissance on containerized environments and exploits common misconfigurations (privileged mode, exposed Docker socket, docker group membership) to escalate privileges and escape to the host. The tool supports multiple payloads including reverse shells, credential extraction, and arbitrary command execution with minimal dependencies.
CVE-2025-13329 — File: The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-53959 — Filezilla-project Filezilla_client: FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-58052 — Galette Galette: Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue. CVSSv3.1 8.1 (HIGH) · EPSS 20th percentile
CVE-2025-1928 — Restajet Online_food_delivery_system: Online Food Delivery System allows Password Recovery Exploitation.
Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.1 (CRITICAL) · EPSS 19th percentile
Can chatbots craft correct code?
Trail of Bits analyzes the fundamental differences between compilers and LLMs in code generation, arguing that while compilers preserve semantic intent deterministically, LLMs are nondeterministic by design and prone to confident misinterpretation of context. The article presents a case study where Claude 'fixed' a non-existent bug in Vendetect by rewriting working recursive code, breaking core functionality, and illustrates why LLMs fail on legacy codebases with implicit constraints and undocumented context.
CVE-2025-56157 — Langgenius Dify: Default credentials in Dify thru 1.5.1.
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later. CVSSv3.1 9.8 (CRITICAL) · EPSS 52th percentile
HTB-MonitorsFour-Writeup — Detailed writeup for HackTheBox MonitorsFour machine: IDOR to credentials, Cacti 1.2.28 RCE exploitation, and Docker Des
Detailed HTB writeup demonstrating a complete attack chain: IDOR vulnerability on the main site leaks MD5 password hashes, Cacti 1.2.28 RCE via CVE-2025-24367 (command injection in graph templates) achieves initial shell in a Docker container, and CVE-2025-9074 (unauthenticated Docker API access on Docker Desktop's internal subnet 192.168.65.7:2375) enables container escape to read the host root flag.
CVE-2025-64236 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn tuturn allows
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a through < 3.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-68278 — Ssw Tinacms: In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cli version 2.0.4, and @tinacms/graphql version 2.0.3 contain a fix for the issue. CVSSv3.1 8.8 (HIGH)
CVE-2025-14861 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1. CVSSv3.1 8.8 (HIGH)
CVE-2025-14860 — Mozilla Firefox: Use-after-free in the Disability Access APIs component.
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-40898 — Nozominetworks Cmc: A path traversal vulnerability was discovered in the Import Arc data archive functionality due
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability. CVSSv3.1 8.1 (HIGH)
CVE-2025-40892 — Nozominetworks Cmc: A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, CVSSv3.1 8.9 (HIGH)