Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-23913 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma WordPress Google Map Professional google-map-professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-23912 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through <= 2.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-23911 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solidres Solidres – Hotel booking plugin solidres allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through <= 0.9.4. CVSSv3.1 8.5 (HIGH)
CVE-2025-23797 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege
Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL)
Volatility 3 2.11.0
Volatility 3 2.11.0 released with 13 new plugins for Linux and Windows memory forensics, including eBPF analysis, hidden module detection, and system call hooking detection. Improvements include CLI output filtering and Python 3.8 as the new minimum version.
CVE-2025-23532 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue
Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-23530 — Site: Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege Escalation.This issue affects Custom Post Type Lockdown: from n/a through <= 1.11. CVSSv3.1 8.8 (HIGH)
CVE-2025-23528 — Incorrect: Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1. CVSSv3.1 8.8 (HIGH) · EPSS 21th percentile
CVE-2025-22916 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile
CVE-2025-22912 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2025-22907 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile
CVE-2025-22906 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile
CVE-2025-22905 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. CVSSv3.1 9.8 (CRITICAL) · EPSS 92th percentile
CVE-2025-22904 — Edimax Re11s_firmware: RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile
CVE-2024-57726 — Simple-help Simplehelp: remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. CVSSv3.1 9.9 (CRITICAL) · EPSS 54th percentile
Trustify — Attack Active Directory Trusts with a single tool
Trustify is a PowerShell wrapper tool that automates attacks against Active Directory forest trusts, including trust account takeover via extracted Kerberos keys, SIDHistory injection, unconstrained delegation abuse, and ADCS template exploitation. The tool consolidates multiple existing attack primitives (Rubeus, PKI-Escalate, PowerView) into a single interface for lateral movement and privilege escalation across domain boundaries.
CVE-2025-22799 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection.This issue affects Neon Product Designer: from n/a through <= 2.2.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-22785 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-22784 — Site: Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5. CVSSv3.1 8.6 (HIGH)
CVE-2025-22782 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price
Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-22736 — Incorrect: Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2. CVSSv3.1 8.8 (HIGH)
CVE-2024-12084 — Samba Rsync: A heap-based buffer overflow flaw was found in the rsync daemon.
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2024-57483 — Tenda I24_firmware: i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. CVSSv3.1 9.8 (CRITICAL) · EPSS 46th percentile
CVE-2024-57473 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile
CVE-2024-57482 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile