Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-52825 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege
Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-52822 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap wp-roadmap allows SQL Injection.This issue affects WP Roadmap: from n/a through <= 2.1.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-52821 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7. CVSSv3.1 8.5 (HIGH)
CVE-2025-4738 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile
CVE-2025-46157 — Efrotech Timetrax: An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form CVSSv3.1 9.9 (CRITICAL) · EPSS 55th percentile
2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries
Bishop Fox publishes a curated roundup of 16 red team tools spanning cloud/identity exploitation (AzureHound, ROADtools, AADInternals, GraphRunner, TREVORspray, MFASweep, SeamlessPass, MicroBurst), evasion techniques (Minikerberos, Windows-rs, Scapy, Pwntools), and post-exploitation frameworks (Volatility, Frida, Evilginx, CursedChrome). The selection emphasizes Azure AD/Microsoft 365 attack surface, credential harvesting, MFA bypass, and browser-based persistence mechanisms.
CVE-2025-49879 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa Litho litho allows Path Traversal.This issue affects Litho: from n/a through <= 3.0. CVSSv3.1 8.6 (HIGH)
CVE-2025-49508 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.7.1. CVSSv3.1 8.1 (HIGH)
CVE-2025-49452 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injection.This issue affects PostaPanduri: from n/a through <= 2.1.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-49447 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu fw-food-menu allows Using Malicious Files.This issue affects FW Food Menu : from n/a through <= 6.0.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-49444 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor
Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through <= 1.0.5. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-49415 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through <= 8.0.0. CVSSv3.1 8.6 (HIGH)
CVE-2025-49330 — Deserialization: of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and
Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection.This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through <= 1.3.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-49261 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-49260 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.9. CVSSv3.1 8.1 (HIGH)
CVE-2025-49259 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.10. CVSSv3.1 8.1 (HIGH)
CVE-2025-49258 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia maia allows PHP Local File Inclusion.This issue affects Maia: from n/a through <= 1.1.15. CVSSv3.1 8.1 (HIGH)
CVE-2025-49257 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-49256 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Sapa sapa allows PHP Local File Inclusion.This issue affects Sapa: from n/a through <= 1.1.14. CVSSv3.1 8.1 (HIGH)
CVE-2025-49255 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Ruza ruza allows PHP Local File Inclusion.This issue affects Ruza: from n/a through <= 1.0.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-49254 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-49253 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa lasa allows PHP Local File Inclusion.This issue affects Lasa: from n/a through <= 1.1. CVSSv3.1 8.1 (HIGH)
CVE-2025-49252 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-49251 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.28. CVSSv3.1 8.1 (HIGH)
CVE-2025-49071 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from n/a through < 1.5.1. CVSSv3.1 10.0 (CRITICAL)