Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-52239 — Zkea Zkeacms: An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile
CVE-2025-51390 — Totolink N600r_firmware: N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. CVSSv3.1 9.8 (CRITICAL) · EPSS 80th percentile
CVE-2025-8518 — Vvveb Vvveb: The manipulation leads to code injection.
A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommend CVSSv3.1 4.7 (MEDIUM) · EPSS 95th percentile
Oops Safari, I think You Spilled Something!
Exodus Intelligence disclosed CVE-2024-44308, a use-of-uninitialized-variable vulnerability in WebKit's DFG compiler affecting Safari on macOS and iOS. The bug exists in TypedArray index storage code and was patched by Apple in November 2024; when alive, it enabled renderer RCE when chained with PAC and APRR bypasses on Apple Silicon. This writeup provides detailed technical analysis of the DFG IR, root-cause debugging, and exploitation methodology for achieving arbitrary read/write through stack layout control.
CVE-2025-44643 — Certain: An attacker with network access could exploit this to gain unauthorized control over the
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic. CVSSv3.1 8.6 (HIGH) · EPSS 16th percentile
CVE-2025-20701 — Airoha: This could lead to remote escalation of privilege with no additional execution privileges needed.
In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. CVSSv3.1 8.8 (HIGH) · EPSS 87th percentile
CVE-2025-6754 — SEO: The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing
The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in all versions up to, and including, 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller’s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator CVSSv3.1 8.8 (HIGH)
CVE-2013-10050 — Dlink Dir-300_firmware: An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2025-45150 — X-d_lab Langchain-chatglm-webui: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile
CVE-2025-50572 — Archer: 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product. CVSSv3.1 8.8 (HIGH) · EPSS 35th percentile
CVE-2025-50850 — Cs-cart Cs-cart: An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks
An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks. CVSSv3.1 8.6 (HIGH) · EPSS 14th percentile
CVE-2025-50849 — Cart: CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR).
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers. CVSSv3.1 8.0 (HIGH) · EPSS 16th percentile
NullGate — Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
NullGate is a C++ library that abstracts indirect syscall invocation using FreshyCalls with dynamic syscall number retrieval, coupled with a novel Windows Defender memory-scan evasion technique. The evasion method allocates memory with PAGE_NOACCESS, creates suspended threads, writes shellcode post-suspension, then resumes execution—avoiding detection during the critical memory-scan window. The library includes compile-time string obfuscation via FNV1 hashing and XOR encryption with per-build randomized keys.
CVE-2025-45620 — Averusa Ptc310uv2_firmware: An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information
An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request CVSSv3.1 8.1 (HIGH) · EPSS 55th percentile
CVE-2025-31277 — Apple Safari: Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. CVSSv3.1 8.8 (HIGH)
CVE-2025-8264 — Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database. **Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUE CVSSv3.1 9.0 (CRITICAL) · EPSS 30th percentile
Gunra Ransomware Group Unveils Efficient Linux Variant
Trend Micro disclosed technical analysis of Gunra ransomware's new Linux variant, first observed in April 2025. The variant features configurable multi-threaded encryption (up to 100 threads), partial file encryption, and hybrid RSA/ChaCha20 encryption with optional separate keystore storage. The group has claimed 14 victims across multiple sectors and geographies since emergence.
CVE-2025-29534 — An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call. CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile
CVE-2025-5997 — Incorrect: Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse.
Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2025-6918 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile
CVE-2025-8267 — Felipperegazio Ssrf_check: Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF)
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses. CVSSv3.1 8.2 (HIGH) · EPSS 30th percentile
CVE-2025-5835 — Themeum Droip: The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, us CVSSv3.1 8.8 (HIGH)
CVE-2025-5831 — Themeum Droip: The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2025-51087 — Tenda Ac8_firmware: The manipulation of the argument time leads to stack-based buffer overflow.
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. CVSSv3.1 8.6 (HIGH) · EPSS 94th percentile
CVE-2025-4784 — Moderec Tourtella: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 56th percentile