Latest intel // live feed
CVE-2026-10520 — Ivanti Sentry: OS Command Injection
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution. CVSSv3.1 10.0 (CRITICAL)
User-to-User Authentication: Down the Rabbit Hole – Part 1
SpecterOps publishes an in-depth technical analysis of Windows Kerberos user-to-user (U2U) authentication, explaining how it works at the protocol level and how it differs from standard Kerberos. The post covers U2U's legitimate use cases (RDP with NLA, peer-to-peer services), the cryptographic protections around session keys versus long-term keys, and discrepancies between the draft RFC specification and actual Windows implementation. Part 1 concludes with analysis of UnPAC-the-Hash, which extracts NT hashes from PAC structures in PKINIT-authenticated TGTs.
CVE-2026-7486 — Netcad Software Inc. E-İmar: SQL injection
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-46332 — Linux: greybus: gb-beagleplay: bound bootloader receive buffering
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering. cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may receive multiple packets in one callback, so a single count value is not constrained by one packet length. Check that the incoming chunk fits in the remaining receive buffer space CVSSv3.1 8.0 (HIGH) · EPSS 6th percentile
CVE-2026-46326 — Linux: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation. Make sure that the spi_transfer struct is zeroed out before use. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile
CVE-2026-46325 — Linux: This leads to incorrect iova-to-va conversion in scenarios: 1) page_size < PAGE_SIZE (e.g., MR
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE. The current implementation incorrectly handles memory regions (MRs) with page sizes different from the system PAGE_SIZE. The core issue is that rxe_set_page() is called with mr->page_size step increments, but the page_list stores individual struct page pointers, each representing PAGE_SIZE of memory. ib_sg_to_page() has ensured that when i> CVSSv3.1 9.8 (CRITICAL) · EPSS 4th percentile
CVE-2026-46317 — Linux: KVM: arm64: Reassign nested_mmus array behind mmu_lock
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock. kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the MMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which can run at any time. kvm_vcpu_init_nested() reallocates the array and frees the old buffer while holding only kvm->arch.config_lock, so such a walker can reference the freed array. Allocate the new array ou CVSSv3.1 8.8 (HIGH) · EPSS 4th percentile
CVE-2026-46316 — Linux: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry. vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each entry with vgic_put_irq(). It puts the iterated pointer, though, rather than the value returned by xa_erase(). The function is called from contexts that do not exclude one another: the ITS command hand CVSSv3.1 9.3 (CRITICAL) · EPSS 5th percentile
CVE-2017-20251 — WordPress Insert PHP plugin: PHP code injection
WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint with crafted content containing insert_php shortcodes to include and execute remote PHP files on the server. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-20249 — Apptha Slider Gallery 1.0: SQL injection via the albid parameter
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes. CVSSv3.1 8.2 (HIGH)
CVE-2017-20247 — WordPress Plugin PICA Photo Gallery 1.0: SQL injection via the aid parameter
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents. CVSSv3.1 8.2 (HIGH)
CVE-2017-20246 — KittyCatfish 2.2 plugin for WordPress: SQL injection via the 'kc_ad' parameter
KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract sensitive database information using boolean-based blind or time-based blind techniques. CVSSv3.1 8.2 (HIGH)
CVE-2017-20245 — Wow Viral Signups 2.1 WordPress plugin: SQL injection via the 'idsignup' POST parameter
Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database. CVSSv3.1 8.2 (HIGH)
CVE-2017-20244 — Wow Forms WordPress Plugin version 2.1: SQL injection via the 'mwpformid' parameter
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents. CVSSv3.1 8.2 (HIGH)
CVE-2017-20243 — WordPress Car Park Booking Plugin: time-based SQL injection via the space_id parameter
WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information. CVSSv3.1 8.2 (HIGH)
CVE-2016-20065 — Product Catalog 8 1.2 plugin for WordPress: SQL injection via the selectedCategory parameter
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables. CVSSv3.1 8.2 (HIGH)
CVE-2016-20062 — Simply Poll 1.4.1 plugin for WordPress: SQL injection via the 'pollid' POST parameter
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database. CVSSv3.1 8.2 (HIGH)
Mythos Doesn't Deploy Itself
Bishop Fox analyzes the dual impact of AI models on vulnerability research: expert researchers paired with LLMs achieve genuine zero-day discoveries, while unskilled practitioners generate convincing but inaccurate submissions at scale. The bug bounty ecosystem has collapsed under AI-generated noise (334% queue growth at Bugcrowd, 76% YoY increase at HackerOne), forcing programs like curl and Nextcloud to shut down or pause rewards due to validation costs outpacing submission quality.
CVE-2026-46748 — SINEC INS: binary configured with the cap_dac_override capability
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system. CVSSv3.1 8.8 (HIGH)
CVE-2026-46746 — SINEC INS: shell command injection via the /api/sftp/uploadFiles endpoint
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affe CVSSv3.1 8.8 (HIGH)
CVE-2026-41031 — Vinna Process Monitor: Stored Cross-Site Scripting
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials. CVSSv3.1 8.7 (HIGH)
CVE-2025-10263 — Arm: writes to resources owned by a higher exception level
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-8365 — Blocksy theme for WordPress: PHP Object Injection leading to Remote Code Execution
The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksy_sanitize_post_meta_options() function, which only blocks values containing '<' or '>' and does not prevent serialized PHP object strings from being stored in post meta, combined with the SearchReplacer::ru CVSSv3.1 8.8 (HIGH)
CVE-2026-11616 — Events Calendar for GeoDirectory plugin for WordPress: Privilege Escalation
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying strip_tags(esc_sql()) — with no allow-list — to the attacker-controlled $_POST['type'] and $_POST['postid'] values before forwarding them to update_ayi_data(), which calls update_user_meta($current_user->ID, $rsvp_args['type'], $posts). By passing type=wp_capabilities and postid=admi CVSSv3.1 8.8 (HIGH)
CVE-2009-10007 — Catalyst::Plugin::Authentication for Perl: session fixation
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim. CVSSv3.1 9.1 (CRITICAL)