Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-55835 — Sueamcms_project Sueamcms: File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code
File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile
kernel-exploits — My proof-of-concept exploits for the Linux kernel
xairy's kernel-exploits repository is a curated collection of proof-of-concept Linux kernel exploits spanning 2016–2025, covering double-free vulnerabilities, signedness issues, memory corruption, and integer underflow flaws across USB, socket, and HID subsystems. The collection includes both privilege escalation and information-leak primitives, with the most recent additions (CVE-2025-38494/38495) targeting HID core integer underflow.
CVE-2025-8570 — BeyondCart: The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity. CVSSv3.1 9.8 (CRITICAL)
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
Trend Micro disclosed EvilAI, an active malware campaign distributing trojans disguised as legitimate productivity and AI tools with valid digital signatures across 114+ countries. The malware uses AI-generated obfuscated JavaScript payloads delivered via Node.js, establishes persistence through scheduled tasks, enumerates security products, steals browser credentials, and maintains encrypted C&C communication. Infections have impacted manufacturing, government, and healthcare sectors with 114 confirmed cases in the first week of tracking.
CVE-2025-58997 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-58215 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston ziston allows PHP Local File Inclusion.This issue affects Ziston: from n/a through < 1.4.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-54709 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala sala.This issue affects Sala: from n/a through <= 1.1.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-53303 — Deserialization: of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue affects ThemeMove Core: from n/a through <= 1.4.2. CVSSv3.1 8.8 (HIGH)
CVE-2025-48101 — Deserialization: of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress constant-contact-api allows Object
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress constant-contact-api allows Object Injection.This issue affects Constant Contact for WordPress: from n/a through <= 4.1.1. CVSSv3.1 8.8 (HIGH)
CVE-2025-47579 — Themegoods Photography: Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2. CVSSv3.1 9.0 (CRITICAL)
CVE-2025-47569 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-32486 — Weak: Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-54236 — Adobe Commerce: versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. CVSSv3.1 9.1 (CRITICAL) · EPSS 98th percentile
CVE-2025-40795 — Siemens Simatic_pcs_neo: Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component.
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. CVSSv3.1 9.8 (CRITICAL) · EPSS 59th percentile
Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
Trend Micro disclosed a comprehensive analysis of The Gentlemen ransomware group, an emerging threat actor conducting targeted campaigns across 17 countries with focus on manufacturing, construction, healthcare, and insurance sectors. The group demonstrates advanced capabilities including custom anti-AV tools, legitimate driver abuse (ThrottleBlood.sys), GPO manipulation, privileged account compromise, and encrypted exfiltration via WinSCP, culminating in domain-wide ransomware deployment with double-extortion tactics.
CVE-2025-9114 — Doccure: The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-9113 — Doccure: The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-9112 — Doccure: The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2025-55849 — Weiphp Weiphp: v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and
WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee CVSSv3.1 8.4 (HIGH) · EPSS 9th percentile
CVE-2025-52161 — Scholl Weblication_cms: Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile
CVE-2025-9566 — There's a vulnerability in podman where an attacker may use the kube play command
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1 CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2025-58628 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from n/a through < 2.0.9. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-58214 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through < 1.3.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-58206 — Thememove Maxcoach: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-49401 — Incorrect: Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. CVSSv3.1 9.8 (CRITICAL)