Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-60957 — Endruntechnologies Sonoma_d12_firmware: OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. CVSSv3.1 9.9 (CRITICAL) · EPSS 73th percentile
CVE-2025-60956 — Endruntechnologies Sonoma_d12_firmware: Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. CVSSv3.1 8.0 (HIGH) · EPSS 11th percentile
CVE-2025-39946 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: tls: make sure to
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent connection stalls. Make sure that we abort the connection when we find out late that the record is actually invalid. Retrying the parsing is fine in itself but since we copy some more data CVSSv3.1 9.8 (CRITICAL)
CVE-2025-9243 — Cost: The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access order management functions and modify order status. CVSSv3.1 8.1 (HIGH)
CVE-2025-60787 — Motioneye_project Motioneye: v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted. CVSSv3.1 7.2 (HIGH) · EPSS 98th percentile
CVE-2025-9286 — Appy: The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-0616 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel allows SQL Injection. This issue affects B2B - Netsis Panel: through 20251003. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.2 (HIGH) · EPSS 13th percentile
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
Trend Micro identified SORVEPOTEL, a self-propagating infostealer actively spreading via WhatsApp and email in Brazil, targeting financial institutions and crypto exchanges. The malware uses ZIP-archived LNK files to trigger multi-stage PowerShell/BAT payloads that establish persistence, hijack WhatsApp Web sessions for automated propagation, and deploy a .NET trojan (Maverick.Agent) capable of credential theft, keylogging, screenshot capture, and sophisticated overlay-based phishing attacks against Brazilian banking portals. The campaign has impacted 477+ systems with heavy focus on government and public sector organizations.
YoSmart YoLink Hub version 0382
Bishop Fox disclosed four critical vulnerabilities in YoSmart YoLink Hub v0382: insufficient authorization on the MQTT broker allowing cross-account device control, weak API authentication enabling credential harvesting, unencrypted MQTT communications exposing device IDs and credentials, and improper session management permitting week-long token validity post-logout. YoSmart has since patched all issues via server-side updates and firmware releases after public disclosure on 02/10/2025.
How a $20 Smart Device Gave Me Access to Your Home
Bishop Fox disclosed critical zero-day vulnerabilities in YoLink Smart Hub v0382, including authorization bypass via missing access controls on MQTT topics, unencrypted credential transmission, and predictable device ID enumeration. An attacker with knowledge of a target device's MAC address can derive MQTT credentials, intercept Wi-Fi passwords, and remotely control other users' smart locks, garage doors, and plugs without authentication.
CVE-2025-56588 — Dolibarr Dolibarr_erp\/crm: ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE)
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter. CVSSv3.1 8.8 (HIGH) · EPSS 39th percentile
CVE-2025-57393 — XSS: A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337 Account
A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2vallows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. CVSSv3.1 8.8 (HIGH) · EPSS 25th percentile
CVE-2025-28357 — CRLF: A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request. CVSSv3.1 8.8 (HIGH) · EPSS 34th percentile
CVE-2025-56513 — Nicehash Quickminer: An attacker capable of intercepting or redirecting traffic to the update url and can
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector. NOTE: the Supplier reports that the existence of an http://update.nicehash.com URL is a f CVSSv3.1 9.8 (CRITICAL) · EPSS 60th percentile
CVE-2025-7779 — Local privilege escalation due to insecure XPC service configuration.
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571. CVSSv3.1 8.8 (HIGH)
CVE-2025-11152 — Mozilla Firefox: Sandbox escape due to integer overflow in the Graphics: Canvas2D component.
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3. CVSSv3.1 8.6 (HIGH)
AMSI-WRITE-RAID-BYPASS — "AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A GitHub repository discloses "AMSI Write Raid," a vulnerability allowing bypass of Windows Antimalware Scan Interface (AMSI) by overwriting writable memory entries in AMSI and CLR DLLs without invoking VirtualProtect API, thereby evading EDR/AV detection. The technique exploits pre-writable memory regions in the call stack to redirect AMSI function pointers, and the author notes multiple vulnerable entries exist across the AMSI call chain.
CVE-2024-13150 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929. CVSSv3.1 9.8 (CRITICAL) · EPSS 11th percentile
CVE-2025-11130 — This manipulation causes missing authentication.
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.4 (HIGH) · EPSS 8th percentile
Volatility 3 2.26.2
Volatility 3 2.26.2 released with plugin reorganization under malware category, deprecation of old plugin names with backward compatibility, new windows.etwpatch plugin, volshell breakpoint/watchpoint support, and various bug fixes and documentation improvements.
CVE-2025-60219 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through <= 1.9.24. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-60156 — Site: Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.36. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-60126 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion.This issue affects Testimonial Slider: from n/a through <= 3.5.8.6. CVSSv3.1 8.8 (HIGH)
CVE-2025-60118 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through <= 5.9.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-60111 — Site: Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue
Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue affects Javo Core: from n/a through <= 3.0.0.266. CVSSv3.1 8.8 (HIGH)