Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-68143 — Lfprojects Model_context_protocol_servers: Model Context Protocol Servers is a collection of reference implementations for the model context
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. CVSSv3.1 8.8 (HIGH)
MITRE AADAPT Framework as a Red Team Roadmap
Bishop Fox publishes a practical guide to operationalizing MITRE's AADAPT (Adversarial Actions in Digital Asset Payment Techniques) framework through red teaming. The article maps value flows in tokenized systems, aligns attack scenarios to AADAPT tactics, and provides four concrete offensive test templates (flash-loan manipulation, oracle poisoning, signing abuse, cross-chain evasion) with telemetry collection and purple-team validation methodology.
CVE-2023-53900 — Spip Spip: 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering. CVSSv3.1 8.8 (HIGH) · EPSS 18th percentile
CVE-2023-53899 — Podcastgenerator Podcast_generator: 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-65319 — Blixhq Bluemail: When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. CVSSv3.1 9.1 (CRITICAL) · EPSS 38th percentile
CVE-2025-65318 — Canarymail Canary_mail: When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. CVSSv3.1 9.1 (CRITICAL) · EPSS 38th percentile
Use GWP-ASan to detect exploits in production environments
Trail of Bits details GWP-ASan (Guarded Pool Allocator with AddressSanitizer), a sampling-based memory sanitizer that detects heap memory safety bugs—use-after-free, double-free, buffer overflows—in production with near-zero performance overhead by instrumenting only a fraction of allocations with guard pages. The post explains the technical mechanics, deployment across major projects (Chrome, Firefox, Android, WebKit), and provides practical guidance on integration using LLVM's Scudo allocator with performance benchmarks.
CVE-2025-68056 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows SQL Injection.This issue affects LBG Zoominoutslider: from n/a through <= 5.4.4. CVSSv3.1 8.5 (HIGH)
CVE-2025-68055 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32. CVSSv3.1 8.5 (HIGH) · EPSS 18th percentile
CVE-2025-68054 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5. CVSSv3.1 8.5 (HIGH)
CVE-2025-68053 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4. CVSSv3.1 8.5 (HIGH)
CVE-2025-67950 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1. CVSSv3.1 8.5 (HIGH)
v3.6.1
Nuclei v3.6.1 released with bug fixes addressing HTTP request body loss on retries/redirects, segmentation faults in headless initialization, data races in page history reading, and memory optimization improvements. The release includes dependency updates and documentation corrections across multiple modules.
Thinking Outside The Box [dusted off draft from 2017]
Project Zero publishes a 2017 draft detailing exploitation of CVE-2017-3558 in VirtualBox's Slirp NAT networking stack. The vulnerability stems from untrusted IP packet length fields overwriting buffer metadata, enabling out-of-bounds heap reads and writes that culminate in arbitrary code execution on the host via a memcpy() gadget chain and GOT corruption to leak and call system().
CVE-2023-53888 — Zomp Zomplog: 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application. CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile
CVE-2025-11393 — This allows a standard user within the cluster to send unauthorized commands to the
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allows a standard user within the cluster to send unauthorized commands to the management platform, effectively acting with the full permissions of the cluster administrator. This could CVSSv3.1 8.7 (HIGH) · EPSS 12th percentile
CVE-2024-44599 — Fntsoftware Fnt_command: FNT Command 13.4.0 is vulnerable to Directory Traversal.
FNT Command 13.4.0 is vulnerable to Directory Traversal. CVSSv3.1 8.3 (HIGH) · EPSS 34th percentile
CVE-2024-44598 — Fntsoftware Fnt_command: FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module. CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile
CVE-2025-14476 — Doubly: The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary code, delete files, retrieve sensitiv CVSSv3.1 8.8 (HIGH)
CVE-2025-14440 — JAY: The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-65854 — Mineadmin Mineadmin: Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile
CVE-2025-65530 — Cloudlinux Ai-bolit: An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file. CVSSv3.1 8.8 (HIGH) · EPSS 21th percentile
CVE-2025-13506 — Execution: Nebim V3 ERP allows Expanding Control over the Operating System from the Database.
Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1. CVSSv3.1 8.8 (HIGH) · EPSS 26th percentile
Catching malicious package releases using a transparency log
Trail of Bits released rekor-monitor, a production-ready tool for monitoring Sigstore's Rekor transparency log to detect unauthorized package releases and compromised signing identities. The work, funded by OpenSSF, adds Rekor v2 support, certificate validation, TUF integration, and GitHub Actions workflows to enable maintainers to detect supply-chain compromises in real-time rather than relying on post-hoc detection.
CVE-2025-14344 — Multi: The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. CVSSv3.1 9.8 (CRITICAL)