Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-58255 — Site: Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-58250 — Site: Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects Findgo: from n/a through <= 1.3.55. CVSSv3.1 8.8 (HIGH)
CVE-2025-58244 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects Constructo: from n/a through <= 4.3.9. CVSSv3.1 8.8 (HIGH)
CVE-2025-58013 — Site: Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 4.5.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-57685 — Link: The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8
The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/set_serial_cfg interface to gain the highest level of device privileges without authorization, enabling them to remotely execute malicious commands. CVSSv3.1 8.8 (HIGH) · EPSS 70th percentile
CVE-2025-53468 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus@hotmail.com Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through <= 4.0. CVSSv3.1 8.5 (HIGH)
DeviceCodePhishing — This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow
DeviceCodePhishing is a novel phishing tool that automates Azure Entra Device Code Flow attacks using headless browser automation, eliminating the 10-minute manual entry window and defeating MFA including FIDO2. The attack redirects victims to legitimate authentication pages, making detection nearly impossible; Microsoft patched standard Entra tenants but federated Entra tenants remain vulnerable.
How AI-Native Development Platforms Enable Fake Captcha Pages
Trend Micro documents a surge in phishing campaigns since January 2025 leveraging AI-native development platforms (Vercel, Netlify, Lovable) to host fake CAPTCHA pages that deceive users and evade automated security scanning. Attackers exploit the ease of deployment, free hosting tiers, and inherited domain credibility to redirect victims to credential-harvesting sites after CAPTCHA completion. The research identifies 95 malicious instances across the three platforms, with Vercel hosting 52 sites and Lovable 43, demonstrating a scalable attack pattern.
CVE-2025-54807 — An attacker who obtains the signing key can bypass authentication, gaining complete access to
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system. CVSSv3.1 9.8 (CRITICAL) · EPSS 26th percentile
CVE-2023-49367 — An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote
An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user. CVSSv3.1 8.8 (HIGH) · EPSS 22th percentile
CVE-2024-13151 — CWE: 89 - Improper Neutralization of Special Elements used in an SQL Command
CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection. This issue affects Auto Service Software: before v.2025.10.01. CVSSv3.1 9.8 (CRITICAL) · EPSS 13th percentile
What We Know About the NPM Supply Chain Attack
A large-scale NPM supply chain attack compromised ~500 JavaScript packages via targeted phishing against maintainer accounts, injecting malicious code including the Shai-hulud worm. The worm self-replicates across NPM packages, steals GitHub tokens, injects malicious CI/CD workflows, clones private repositories to attacker infrastructure, and harvests secrets using TruffleHog. Organizations across North America and Europe have been affected by the Cryptohijacker payload variant, which diverts cryptocurrency assets through API hijacking and network traffic manipulation.
CVE-2025-10439 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection. This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2025-57631 — Tduckcloud Tduck: SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2025-34186 — Ilevia Eve_x1_server_firmware: Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers can bypass authentication and gain full access to the system. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile
CVE-2025-56557 — Tuya Tuya: An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol. CVSSv3.1 9.1 (CRITICAL) · EPSS 22th percentile
CVE-2024-13174 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection. This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 8.6 (HIGH) · EPSS 11th percentile
CVE-2024-13149 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection. This issue affects Armalife: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 9.8 (CRITICAL) · EPSS 11th percentile
CVE-2025-57119 — Phpgurukul Online_library_management_system: An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile
CVE-2025-10537 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-10534 — Mozilla Firefox: Spoofing issue in the Site Permissions component.
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143. CVSSv3.1 8.1 (HIGH)
CVE-2025-10533 — Mozilla Firefox: Integer overflow in the SVG component.
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVSSv3.1 8.8 (HIGH)
State of the SaaS Security Union
Bishop Fox documents two concurrent threat campaigns targeting SaaS applications: UNC6040 (ShinyHunters/Scattered Spider) conducting OAuth phishing and credential attacks against Salesforce customers for ransom, and UNC6395 (suspected nation-state APT) exploiting integration misconfigurations in Salesloft to compromise 700+ customers and pivot into downstream SaaS and AWS environments. The attacks expose critical gaps in SaaS security posture, particularly overprivileged integration accounts and lack of secrets management visibility.
CVE-2025-7744 — Dolusoft Omaspot: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2025-7743 — Dolusoft Omaspot: Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025. CVSSv3.1 9.6 (CRITICAL)