Latest intel // live feed
CVE-2026-26240 — Qnap File_station: A buffer overflow vulnerability has been reported to affect File Station 5.
A buffer overflow vulnerability has been reported to affect File Station 5. Remote attackers can exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later CVSSv3.1 9.1 (CRITICAL) · EPSS 33rd percentile
CVE-2026-26239 — Qnap File_station: A buffer overflow vulnerability has been reported to affect File Station 5.
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later CVSSv3.1 8.1 (HIGH) · EPSS 33rd percentile
CVE-2026-24724 — Qnap File_station: An incorrect authorization vulnerability has been reported to affect File Station 6.
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later CVSSv3.1 8.1 (HIGH) · EPSS 19th percentile
CVE-2025-66276 — Qnap Qts: QuTS hero is not affected.
QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later CVSSv3.1 9.8 (CRITICAL) · EPSS 13th percentile
Prompt Engineering for Security Agents: A Measurable Approach with GEPA
SpecterOps publishes a detailed technical guide on GEPA (Genetic-Pareto), an optimization framework for systematically refining LLM prompts used in security agents. The post walks through applying GEPA to a CTF agent use case, covering reward function design, actionable side information (ASI), batch evaluation, Pareto frontier selection, and reflective mutation—with working Python code examples using the optimize_anything framework.
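The Pareto frontier selection the summary mentions, as an added illustration (not SpecterOps' code and not the optimize_anything framework): each candidate prompt carries a vector of per-task rewards, a candidate is dropped only if another candidate is at least as good on every task and strictly better on one, and the next prompt to mutate is sampled from the surviving frontier, weighted toward candidates that lead on more tasks. The candidate IDs, the three-task reward vectors and the weighting rule are constructed for this example.

```python
import random
from typing import Dict, List, Sequence

# Constructed sample: reward in [0, 1] for each candidate prompt on each of three
# CTF tasks. Candidate IDs and scores are made up for this example.
SCORES: Dict[str, List[float]] = {
    "p0": [0.2, 0.9, 0.1],
    "p1": [0.8, 0.3, 0.5],
    "p2": [0.8, 0.3, 0.0],   # never better than p1 and worse on the third task
    "p3": [0.5, 0.5, 0.5],
}


def dominates(a: Sequence[float], b: Sequence[float]) -> bool:
    """a dominates b when it is at least as good on every task and strictly better on one."""
    return all(x >= y for x, y in zip(a, b)) and any(x > y for x, y in zip(a, b))


def pareto_frontier(scores: Dict[str, List[float]]) -> List[str]:
    """Candidates that no other candidate dominates, in insertion order."""
    ids = list(scores)
    return [c for c in ids
            if not any(dominates(scores[o], scores[c]) for o in ids if o != c)]


def task_wins(scores: Dict[str, List[float]], frontier: List[str]) -> Dict[str, int]:
    """Number of tasks on which each frontier member holds (or ties) the frontier's best score."""
    n_tasks = len(next(iter(scores.values())))
    wins = {c: 0 for c in frontier}
    for t in range(n_tasks):
        best = max(scores[c][t] for c in frontier)
        for c in frontier:
            if scores[c][t] == best:
                wins[c] += 1
    return wins


def select_parent(scores: Dict[str, List[float]], seed: int = None) -> str:
    """Sample the next prompt to mutate from the frontier. Weight 1 + wins keeps every
    frontier member reachable while favouring prompts that lead on many tasks
    (assumed weighting for this example)."""
    rng = random.Random(seed)
    frontier = pareto_frontier(scores)
    wins = task_wins(scores, frontier)
    return rng.choices(frontier, weights=[1 + wins[c] for c in frontier], k=1)[0]


def would_join_frontier(new_scores: Sequence[float], scores: Dict[str, List[float]]) -> bool:
    """A mutated prompt is worth keeping only if no existing candidate dominates it."""
    return not any(dominates(s, new_scores) for s in scores.values())


if __name__ == "__main__":
    print("frontier:", pareto_frontier(SCORES))
    print("parent:", select_parent(SCORES, seed=7))
```

The point of keeping a frontier rather than a single best prompt is visible in the sample data: p0 is the only candidate strong on the second task, so collapsing to the highest average score would discard the behaviour a later mutation could merge into a stronger prompt.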
CVE-2026-45328 — ESP-IDF: In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to security features such as attestation, OTA updates and secure storage. This issue has been patched in versions 5.5.5 and 6.0.1. CVSSv3.1 9.3 (CRITICAL)
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)
watchTowr Labs published a detailed technical writeup of CVE-2026-10520, a pre-authenticated OS command injection in Ivanti Sentry affecting versions before R10.5.2, R10.6.2, and R10.7.1. The vulnerability exists in the /mics/api/v2/sentry/mics-config/handleMessage endpoint, which accepts user-controlled XML-formatted configuration commands that are passed directly to a native command execution handler via reflection. The researchers reverse-engineered the patch by diffing vulnerable and patched JAR files, identified the vulnerable code path, and reproduced root-level remote code execution; the issue is rated CVSS 10.0.
CVE-2026-53673 — BuddyPress: 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass another user's identifier to the get_item_permissions_check method, which validates the supplied user_id instead of the logged-in user and is reused by the update and delete handlers, to read, reply to, or delete any user's privat CVSSv3.1 8.1 (HIGH)
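The bug pattern in this entry, as an added example in Python (not BuddyPress code, which is PHP): a permission check whose subject is a caller-supplied user_id rather than the authenticated user, reused by read, reply and delete handlers, beside a check that authorizes on the authenticated principal only. The thread store, user IDs and the rule that a supplied user_id may only name the caller are constructed for this example; the real fix may also admit moderators.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Thread:
    id: int
    participants: List[int]
    messages: List[str] = field(default_factory=list)


# Constructed data: users 1 and 2 share private thread 10; user 3 is unrelated to it.
THREADS: Dict[int, Thread] = {10: Thread(10, [1, 2], ["hello from 1"])}

Check = Callable[[int, int, Dict[str, str]], bool]


def permissions_check_vulnerable(thread_id: int, current_user: int, params: Dict[str, str]) -> bool:
    """The flawed shape: the subject of the check is whatever user_id the caller sends,
    so any authenticated user can name a participant and pass."""
    subject = int(params.get("user_id", current_user))
    thread = THREADS.get(thread_id)
    return thread is not None and subject in thread.participants


def permissions_check_fixed(thread_id: int, current_user: int, params: Dict[str, str]) -> bool:
    """The subject of an authorization decision is the authenticated principal. A
    caller-supplied user_id may only narrow the request to the caller's own identity
    (assumed policy for this example)."""
    thread = THREADS.get(thread_id)
    if thread is None or current_user not in thread.participants:
        return False
    requested = params.get("user_id")
    return requested is None or int(requested) == current_user


def handle(action: str, check: Check, thread_id: int, current_user: int,
           params: Dict[str, str]) -> Dict:
    """One check guards read, reply and delete, as the advisory describes, so a flaw
    in it exposes all three operations at once."""
    if not check(thread_id, current_user, params):
        return {"status": 403}
    thread = THREADS[thread_id]
    if action == "read":
        return {"status": 200, "messages": list(thread.messages)}
    if action == "reply":
        thread.messages.append(f"{current_user}: {params['body']}")
        return {"status": 200, "count": len(thread.messages)}
    if action == "delete":
        del THREADS[thread_id]
        return {"status": 204}
    return {"status": 400}


if __name__ == "__main__":
    # Outsider 3 names participant 1 and reads the private thread through the flawed check.
    print(handle("read", permissions_check_vulnerable, 10, 3, {"user_id": "1"}))
    print(handle("read", permissions_check_fixed, 10, 3, {"user_id": "1"}))
```

When reviewing REST permission callbacks, the question to ask of every one is "whose identity does this compare against?": if the answer is anything read from the request rather than from the session, the check can be redirected at another principal.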
CVE-2026-46491 — SimpleSAMLphp: In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remot CVSSv3.1 8.6 (HIGH)
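The concatenation flaw described here and one hardened shape, as an added example in Python (not the module's PHP code): the ticket identifier is allow-listed against a strict pattern, the path is resolved, and the result is checked to still lie under the ticket store. The store directory, the identifier grammar and the sample identifiers are constructed for this example, not taken from the module.

```python
import os
import re

# Assumed identifier shape for this example: an alphanumeric first character, then a
# bounded run of safe characters. No '/', no leading '.', so '..' never matches.
TICKET_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def ticket_path_vulnerable(ticket_dir: str, ticket_id: str) -> str:
    """The flawed shape: store directory + attacker-controlled identifier, unvalidated."""
    return ticket_dir + "/" + ticket_id


def ticket_path_safe(ticket_dir: str, ticket_id: str) -> str:
    """Allow-list the identifier, then prove the resolved path stays under the store."""
    if not TICKET_ID_RE.fullmatch(ticket_id):
        raise ValueError("ticket id has an unexpected shape")
    base = os.path.realpath(ticket_dir)
    # os.path.join drops base for an absolute component; the regex already rejects '/',
    # but the containment check below does not rely on that and also covers symlinks.
    path = os.path.realpath(os.path.join(base, ticket_id))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("ticket path escapes the ticket store")
    return path


def safe_rejects(ticket_dir: str, ticket_id: str) -> bool:
    """True when the hardened builder refuses the identifier."""
    try:
        ticket_path_safe(ticket_dir, ticket_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    store = "/var/lib/cas/tickets"   # constructed location
    print(ticket_path_vulnerable(store, "../../../etc/passwd"))
    print(ticket_path_safe(store, "ST-1-abcdef"))
    print(safe_rejects(store, "../../../etc/passwd"))
```

The two checks are deliberately redundant: the pattern match rejects traversal sequences before any filesystem call, and the realpath containment check catches anything the pattern was too loose for, including symlinked entries inside the store.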
CVE-2026-41732 — JsonPulsarHeaderMapper: Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying
JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list. Affected versions: Spring for Apache Pulsar 2.0.0 through 2.0.5; 1.2.0 through 1.2.17; 1.1.0 through 1.1.17. CVSSv3.1 8.1 (HIGH)
CVE-2026-41731 — JsonKafkaHeaderMapper: Combined with Jackson's default bean deserialization, a producer could supply crafted header values that
JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caused the consumer to deserialize arbitrary JDK types. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; CVSSv3.1 8.1 (HIGH)
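Both Spring header-mapper entries above (Pulsar and Kafka) describe the same two defects: a trusted-packages check implemented as a raw string prefix, and an empty allow-list that trusts everything. As an added example in Python (not Spring's Java code, and not its exact patch): the prefix form beside a package-boundary form that fails closed on an empty list. Package and class names are constructed for this example.

```python
from typing import Iterable, Optional


def package_of(type_name: str) -> str:
    """'com.example.dto.Order' -> 'com.example.dto'; a bare class name has no package."""
    return type_name.rpartition(".")[0]


def trusted_by_prefix(type_name: str, trusted: Iterable[str]) -> bool:
    """The flawed shape: raw string-prefix match, and an empty allow-list means allow all.
    'com.example' admits every subpackage and even the sibling 'com.exampleevil'."""
    trusted = list(trusted)
    if not trusted:
        return True
    return any(type_name.startswith(p) for p in trusted)


def trusted_by_package(type_name: str, trusted: Iterable[str],
                       allow_subpackages: bool = False) -> bool:
    """Hardened shape (assumed for this example): compare whole package names, make
    subpackage trust an explicit opt-in, and deny everything on an empty list."""
    trusted = list(trusted)
    if not trusted:
        return False
    pkg = package_of(type_name)
    for p in trusted:
        if pkg == p:
            return True
        if allow_subpackages and pkg.startswith(p + "."):
            return True
    return False


def resolve_header_type(type_name: str, trusted: Iterable[str]) -> Optional[str]:
    """What a header mapper should do before handing a type name to the deserializer:
    return it only when the allow-list admits its package, otherwise drop the header
    so the consumer falls back to a plain value."""
    return type_name if trusted_by_package(type_name, trusted) else None


if __name__ == "__main__":
    print(trusted_by_prefix("java.lang.ProcessBuilder", []))      # True: empty list trusts all
    print(trusted_by_package("java.lang.ProcessBuilder", []))     # False: fails closed
    print(resolve_header_type("com.example.Order", ["com.example"]))
```

The consequence the Kafka entry spells out follows directly: a type header naming any JDK class passes the empty-list case of the prefix form, and Jackson's default bean deserialization then instantiates it on the consumer.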
CVE-2026-41729 — Spring: Data REST is vulnerable to SpEL expression injection through map-typed properties when processing
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through CVSSv3.1 8.1 (HIGH)
CVE-2026-41717 — Spring: Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability.
Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19. CVSSv3.1 8.1 (HIGH)
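The two Spring Data entries above (Data REST and MongoDB) share a root cause: untrusted text is spliced into expression source instead of being bound as a value. As an added example in Python (not Spring code; Python's eval stands in for SpEL), the Data REST shape is shown: a JSON Pointer segment used as a map key is formatted into an expression string, and a key that closes the quote turns a lookup into evaluation of attacker text. The safe form parses the pointer and uses the segment as a dictionary key. The MongoDB case is the same splice with a query parameter in place of the pointer segment. The entity, pointers and payloads are constructed for this example.

```python
import os
from dataclasses import dataclass, field
from typing import Any, Dict, List


@dataclass
class Entity:
    """Stand-in for a persistent entity with one map-typed property."""
    props: Dict[str, Any] = field(default_factory=dict)


# Constructed sample entity; 'a/b' shows why pointer unescaping matters.
ENTITY = Entity(props={"x": "value-of-x", "a/b": "slash-key"})


def pointer_segments(pointer: str) -> List[str]:
    """RFC 6901 JSON Pointer: split on '/', then unescape ~1 -> '/' and ~0 -> '~', in that order."""
    if not pointer.startswith("/"):
        raise ValueError("JSON Pointer must start with '/'")
    return [s.replace("~1", "/").replace("~0", "~") for s in pointer[1:].split("/")]


def read_map_value_vulnerable(entity: Entity, pointer: str) -> Any:
    """The flawed shape: the map-key segment is spliced into expression text.
    eval stands in for the expression engine; the defect is the string building."""
    prop, key = pointer_segments(pointer)[:2]
    expression = f"entity.{prop}['{key}']"
    return eval(expression, {"entity": entity})


def read_map_value_safe(entity: Entity, pointer: str) -> Any:
    """The segment is data: it selects a dict entry and is never evaluated."""
    segments = pointer_segments(pointer)
    if len(segments) != 2 or segments[0] != "props":
        raise ValueError("unsupported pointer")
    return entity.props[segments[1]]


def safe_rejects(entity: Entity, pointer: str) -> bool:
    """True when the safe reader refuses a pointer (unknown key or unsupported shape)."""
    try:
        read_map_value_safe(entity, pointer)
    except (KeyError, ValueError):
        return True
    return False


# Keys that close the quote and continue the expression. Nothing in the pointer
# grammar forbids them, so the splice above evaluates attacker-controlled text.
PAYLOAD_CHANGE_RESULT = "/props/x'] and 'INJECTED' or entity.props['x"
PAYLOAD_REACH_RUNTIME = "/props/x'] and __import__('os').getcwd() or entity.props['x"


def payload_reaches_runtime(entity: Entity) -> bool:
    """The injected expression reaches the process environment (here, the working directory)."""
    return read_map_value_vulnerable(entity, PAYLOAD_REACH_RUNTIME) == os.getcwd()


if __name__ == "__main__":
    print(read_map_value_vulnerable(ENTITY, "/props/x"))
    print(read_map_value_vulnerable(ENTITY, PAYLOAD_CHANGE_RESULT))
    print(read_map_value_safe(ENTITY, "/props/a~1b"))
```

The same split applies to query parameter binding: a placeholder substituted into the query text is an injection point, while a placeholder bound through the engine's variable mechanism is not, whatever characters the value contains.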
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
Pwn2Own Berlin 2026 demonstrated that the AI stack—including vector databases (ChromaDB), inference engines (Ollama, LM Studio), container runtimes (Nvidia Container Toolkit), and agentic coding tools (Claude Code, Codex, Cursor)—harbors exploitable vulnerabilities with direct paths to host compromise. Researchers used LLMs and agentic coding harnesses to discover bugs, earning nearly $1.3M in bounties; common weaknesses traced to overpowered developer tools, misplaced trust in agent-user interactions, and widespread internet exposure of AI infrastructure. The competition revealed that speed, not accuracy, drives GenAI-assisted vulnerability discovery, and that similar code patterns generated across unrelated projects create systemic supply-chain risk.
CVE-2026-9753 — The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff, causing the server to read and return out-of-bounds memory or crash. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command. CVSSv3.1 8.1 (HIGH)
CVE-2026-48303 — Adobe: Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. CVSSv3.1 10.0 (CRITICAL)
CVE-2026-47938 — Adobe: Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. CVSSv3.1 10.0 (CRITICAL)
CVE-2026-47932 — ColdFusion: versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. CVSSv3.1 8.8 (HIGH)
CVE-2026-47931 — ColdFusion: versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. CVSSv3.1 8.4 (HIGH)
CVE-2026-47930 — ColdFusion: versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction. CVSSv3.1 8.1 (HIGH)
CVE-2026-47929 — ColdFusion: versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed. CVSSv3.1 8.4 (HIGH)
CVE-2026-47928 — ColdFusion: versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. CVSSv3.1 9.6 (CRITICAL)
Patch Tuesday - June 2026
Microsoft's June 2026 Patch Tuesday addresses 200 vulnerabilities, including multiple uncoordinated disclosures by researcher 'Nightmare Eclipse' covering Defender elevation-of-privilege flaws (MiniPlasma, GreenPlasma, RoguePlanet) and Secure Boot bypasses. Critical issues include HTTP/2 denial-of-service (CVE-2026-49160, CVE-2026-49975), PowerToys local EoP (CVE-2026-42902), and high-CVSS Azure/RDP/kernel vulnerabilities. The disclosure pattern—timed immediately after Patch Tuesday with full PoC code—represents a significant escalation in vulnerability disclosure friction.
CVE-2026-47907 — Dreamweaver: Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. CVSSv3.1 8.2 (HIGH)
CVE-2026-47906 — Dreamweaver: Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. CVSSv3.1 8.6 (HIGH)