Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-62093 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows SQL Injection.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7. CVSSv3.1 8.5 (HIGH)
CVE-2025-14333 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-14330 — Mozilla Firefox: JIT miscompilation in the JavaScript Engine: JIT component.
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-14329 — Mozilla Firefox: Privilege escalation in the Netmonitor component.
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 8.8 (HIGH)
CVE-2025-14328 — Mozilla Firefox: Privilege escalation in the Netmonitor component.
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 8.8 (HIGH)
CVE-2025-14326 — Mozilla Firefox: Use-after-free in the Audio/Video: GMP component.
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-14324 — Mozilla Firefox: JIT miscompilation in the JavaScript Engine: JIT component.
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-14323 — Mozilla Firefox: Privilege escalation in the DOM: Notifications component.
Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 8.8 (HIGH)
CVE-2025-14322 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 8.0 (HIGH)
CVE-2025-14321 — Mozilla Firefox: Use-after-free in the WebRTC: Signaling component.
Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-12504 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321. CVSSv3.1 9.8 (CRITICAL) · EPSS 11th percentile
CVE-2025-11022 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery.
Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownership of the mentioned product. CVSSv3.1 9.6 (CRITICAL) · EPSS 11th percentile
CVE-2025-10655 — Frappe Helpdesk: SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of
SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-55182-research — CVE-2025-55182 POC
CVE-2025-55182 is a critical RCE vulnerability in React's Flight Protocol affecting versions 19.0.0–19.2.0 and Next.js 15.x–16.x. The exploit chains path traversal via `$1:constructor:constructor`, fake chunk injection with self-referential thenable objects, and `$B` handler abuse to reach the Function constructor and execute arbitrary code. Patches are available in React 19.0.1+, 19.1.2+, 19.2.1+ and corresponding Next.js releases.
CVE-2025-55182 — Explanation and full RCE PoC for CVE-2025-55182
CVE-2025-55182 is a critical prototype pollution vulnerability in React Server Functions (Next.js) that allows unauthenticated remote code execution via the React Flight Protocol deserialization. The vulnerability stems from insufficient validation during chunk reference resolution, enabling attackers to access the Function constructor and chain gadgets through blob deserialization to achieve arbitrary code execution before action validation occurs.
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
Trend Micro Research disclosed GhostPenguin, a previously undocumented Linux backdoor written in C++ that evaded detection for over four months on VirusTotal. The malware was discovered through AI-automated threat hunting and provides remote shell access, file operations, and C&C communication via RC5-encrypted UDP channels. Analysis reveals the backdoor is still in active development with debug artifacts and unused persistence functions.
react2shell-scanner — High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
Assetnote released react2shell-scanner, a Python tool for detecting critical RCE vulnerabilities (CVE-2025-55182 and CVE-2025-66478) in Next.js applications using React Server Components. The scanner executes a deterministic PoC payload and detects vulnerability via response header reflection, with optional safe-check mode, WAF bypass techniques, and multi-threaded scanning capabilities.
Nuclei Templates v10.3.5 - Release Notes
Nuclei Templates v10.3.5 adds 57 new detection templates covering 33 CVEs, with critical focus on React Server Components RCE (CVE-2025-55182), WordPress plugin vulnerabilities (auth bypass, arbitrary file upload, privilege escalation), and PrestaShop/CMS exploits. The release includes bug fixes reducing false positives/negatives and enhanced detection accuracy across WordPress ecosystem, PHP applications, and infrastructure services.
CVE-2025-14126 — Such manipulation leads to hard-coded credentials.
A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile
CVE-2025-12673 — Flex: The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-55182 — RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478
A public GitHub repository released a Chrome extension and Shodan scanner toolkit for detecting and exploiting CVE-2025-55182 and CVE-2025-66478, critical RCE vulnerabilities in React Server Components (RSC) and Next.js applications. The toolkit includes automated vulnerability detection, proof-of-concept exploitation capabilities, and a CORS-bypass proxy for remote testing.
CVE-2025-34291 — Langflow Langflow: versions up to and including 1.6.9 contain a chained vulnerability that enables account
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_t CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile
Ghostwriter v6.1 — Playing Fetch with BloodHound
SpecterOps released Ghostwriter v6.1, introducing native BloodHound integration that allows direct import of BloodHound data and findings into assessment projects. The release also adds collaborative project notes, improved caption editor objects, dark mode, expanded SSO/MFA options including WebAuthn groundwork, and programmatic evidence downloads via GraphQL.
CVE-2025-64054 — Fanvil X210_firmware: A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint. CVSSv3.1 9.6 (CRITICAL) · EPSS 32th percentile
CVE-2025-64057 — Fanvil X210_firmware: Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts. CVSSv3.1 8.3 (HIGH) · EPSS 52th percentile