Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-49401 — Incorrect: Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-58881 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through <= 8.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-58833 — Site: Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This
Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. CVSSv3.1 8.8 (HIGH)
CVE-2025-58819 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-48581 — Google Android: This could lead to local escalation of privilege with no additional execution privileges needed.
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. CVSSv3.1 8.4 (HIGH) · EPSS 0th percentile
Demystifying 5G Security: Understanding the Registration Protocol
Bishop Fox published a comprehensive technical analysis of 5G registration protocol vulnerabilities, identifying critical flaws including SUPI disclosure risks, null/weak encryption negotiation (EEA0/EIA0), replay attack susceptibility, and bidding-down attack vectors. The research demonstrates practical exploitation using Open5Gs test environments and open-source tools like 5GReplay and Sni5Gect, with recommendations for defensive configuration and continuous security testing.
CVE-2025-2417 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile
CVE-2025-2411 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps
Trend Micro analyzed the AMOS (Atomic macOS Stealer) campaign targeting macOS users via trojanized 'cracked' software downloads and Terminal command injection. The malware steals credentials, browser data, cryptocurrency wallets, Telegram chats, VPN profiles, and keychain items, with attackers using rotating domains to evade detection. macOS Sequoia's Gatekeeper blocks the .dmg delivery method, but the Terminal-based installation vector remains effective.
CVE-2025-57151 — Phpgurukul Complaint_management_system: Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. CVSSv3.1 8.8 (HIGH)
CVE-2025-57148 — Phpgurukul Online_shopping_portal: Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-57146 — Phpgurukul Complaint_management_system: Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. CVSSv3.1 8.1 (HIGH)
CVE-2025-2416 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass. This issue affects LimonDesk: from s1.02.14 before v1.02.17. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile
CVE-2025-2415 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile
CVE-2025-1740 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01. CVSSv3.1 9.8 (CRITICAL) · EPSS 23th percentile
CVE-2024-32444 — Inspirythemes Realhomes: Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-2413 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass. This issue affects ProKuafor: from s1.02.08 before v1.02.08. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile
CVE-2025-2414 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01. CVSSv3.1 8.6 (HIGH) · EPSS 23th percentile
CVE-2025-2412 — Restriction: Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12. CVSSv3.1 8.6 (HIGH)
CVE-2025-0610 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.
Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12. CVSSv3.1 8.6 (HIGH) · EPSS 11th percentile
CVE-2025-47696 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-31100 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through <= 1.93.1 (02-07-2025). CVSSv3.1 9.9 (CRITICAL)
CVE-2024-32832 — Authorization: Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-46484 — Trendnet Tv-ip410_firmware: TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile
CVE-2025-57819 — Sangoma Freepbx: 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile