Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-25172 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through <= 1.9.4. CVSSv3.1 8.1 (HIGH)
CVE-2025-24775 — Upload: Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through <= 2.9.0. CVSSv3.1 9.9 (CRITICAL)
Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks
Trend Micro disclosed detailed analysis of Crypto24 ransomware group conducting multi-stage attacks across Asia, Europe, and USA targeting financial services, manufacturing, entertainment, and technology sectors. The group combines legitimate tools (PSExec, AnyDesk, RDP patching) with custom malware including a RealBlindingEDR variant, keyloggers, and VMProtect-hardened ransomware payloads, using advanced evasion including UAC bypass via COM interface exploitation and EDR disablement via Group Policy abuse. Attackers maintain persistence through scheduled tasks, privileged account creation, and Google Drive exfiltration of keylogged credentials.
CVE-2012-10060 — Sysax Multi_server: Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2025-51451 — Totolink Ex1200t_firmware: In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile
CVE-2025-51452 — Totolink A7000r_firmware: In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile
CVE-2025-53766 — Microsoft Office: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile
CVE-2024-54678 — This could allow an authenticated local attacker to cause a type confusion and execute
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMA CVSSv3.1 8.2 (HIGH) · EPSS 46th percentile
CVE-2025-5391 — WooCommerce: The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVSSv3.1 8.1 (HIGH)
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
Trend Micro identified Charon, a new ransomware family deployed in targeted attacks against Middle East public sector and aviation organizations, using DLL sideloading (Edge.exe → msedge.dll) and process injection techniques similar to Earth Baxia APT campaigns. The malware employs multi-stage encrypted payloads, Curve25519+ChaCha20 hybrid encryption, anti-EDR capabilities via the Dark-Kill driver, and network propagation to encrypt both local and network shares with customized ransom notes.
AMSI-Bypass-HWBP
AMSI-Bypass-HWBP is a Rust-based debugger tool that bypasses Windows Defender's Antimalware Scan Interface (AMSI) by attaching to PowerShell processes and setting hardware breakpoints on AmsiScanBuffer(), then reducing the scanned buffer length to 1 byte to evade detection. The technique exploits the AMSI scanning mechanism by manipulating the R8 register (length parameter) to force the function to scan only a single byte, resulting in AMSI_RESULT_CLEAN responses.
CVE-2012-10047 — Cyclope: Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context. EPSS 98th percentile
CVE-2025-47219 — Gstreamer Gstreamer: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2025-51629 — XSS: A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter. CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile
CVE-2025-24000 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP
Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through <= 3.2.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-51056 — Vedo_suite_project Vedo_suite: An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE). CVSSv3.1 8.2 (HIGH) · EPSS 41th percentile
CVE-2025-51055 — Vedo_suite_project Vedo_suite: Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. CVSSv3.1 8.6 (HIGH) · EPSS 21th percentile
CVE-2025-53786 — Microsoft Exchange_server: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that CVSSv3.1 8.0 (HIGH) · EPSS 69th percentile
Next-Level Fingerprinting: Tools, Logic, and Tactics
Bishop Fox published research on improving fingerprinting capabilities for asset identification and vulnerability discovery. The work combines signature normalization across multiple tools (Nmap, Recog, Wappalyzer, Nuclei), AI-assisted signature generation, and performance optimizations tested against 180GB/day of internet banner data to create a more cohesive fingerprinting framework.
CVE-2025-8420 — WordPress: Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called CVSSv3.1 8.1 (HIGH)
CVE-2013-10068 — Foxit: Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer
Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code. EPSS 98th percentile
CVE-2012-10032 — Maxthon3: versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the
Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user i EPSS 98th percentile
CVE-2012-10027 — Property: A remote attacker can upload arbitrary PHP files to a temporary directory without authentication
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution. EPSS 99th percentile
CVE-2012-10024 — XBMC: version 11, including builds up to the 2012-11-04 nightly release, contains a path
XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files. EPSS 98th percentile
CVE-2025-50341 — Boolean: A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter.
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile