2026-06-08 17:16Z · CRIT

CVE-2026-39910 — STACKIT: IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT servers service-accounts endpoint to attach high-privileged service accounts and query the Instance Metadata Service to retrieve OAuth2 tokens, bypassing tenant boundaries and gaining una CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-862 · Vendor: Stackit · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-06-08 17:16Z · HIGH

CVE-2026-25856 — OpenBullet2: through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifying job configurations. Attackers can leverage the plain C# execution mode, which lacks reference filtering or API restrictions, to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user. CVSSv3.1 8.8 (HIGH)

CWE: CWE-94 · Vendor: Openbullet2 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 17:16Z · HIGH

CVE-2026-25855 — OpenBullet2: through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25855

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat, .ps1, .sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, causing the server to execute the scripts and return their output as proxy lines, resulting in arbitrary command execution on the host as the process user. CVSSv3.1 8.8 (HIGH)

CWE: CWE-78 · Vendor: Openbullet2 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 17:16Z · HIGH

CVE-2026-25559 — OpenBullet2: through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25559

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can chain the file write and delete primitives to achieve remote code execution by manipulating critical system files such as /etc/passwd, with full system impact since the application run CVSSv3.1 8.8 (HIGH)

CWE: CWE-22 · Vendor: Openbullet2 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 17:16Z · CRIT

CVE-2026-25555 — OpenBullet2: through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25555

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-305 · Vendor: Openbullet2 · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-06-08 17:05Z · CRIT

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Source: Rapid7 Research · rapid7.com · CVE-2026-50751 · CVE-2026-50752 · in the wild · 0day

Check Point disclosed CVE-2026-50751, a critical authentication bypass (CVSS 9.3) in Remote Access VPN, Mobile Access, and Spark Firewall products, affecting IKEv1 deployments that do not require machine certificates. The vulnerability has been actively exploited in the wild since May 7, 2026, with confirmed ties to Qilin ransomware affiliates across several dozen organizations. A related MITM vulnerability (CVE-2026-50752, CVSS 7.4) was also identified but remains unexploited.

Tactic: TA0001 · Surface: Network, Network Appliance · Software: Check Point Mobile Access, Check Point Remote Access VPN, Check Point Spark Firewall · Vendor: Checkpoint · Type: Vulnerability
Score: 92
2026-06-08 16:36Z · INFO

v2.12.2-rc1

Source: AzureHound releases · github.com

AzureHound v2.12.2-rc1 release candidate published with minor maintenance updates: semver compliance fix for rolling build version string, GitHub Actions workflow updates, removal of unnecessary credentials from build process, and migration to Node.js 24 for DigiCert signing.

Software: Azurehound · Vendor: Specterops · Type: Tool
Score: 15
2026-06-08 16:16Z · HIGH

CVE-2026-46656 — Bludit: This "Ghost Session" allows revoked users to maintain full unauthorized access to the system.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized access to the system. Version 3.22.0 fixes the issue. CVSSv3.1 8.8 (HIGH)

CWE: CWE-285, CWE-613 · Vendor: Bludit · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46480 — Flowiseai Flowise: Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2. CVSSv3.1 8.8 (HIGH)

CWE: CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46479 — Flowiseai Flowise: Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 19th percentile

CWE: CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46478 — Flowiseai Flowise: Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 19th percentile

CWE: CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46477 — Flowiseai Flowise: Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 19th percentile

CWE: CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46476 — Flowiseai Flowise: Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 19th percentile

CWE: CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46475 — Flowiseai Flowise: Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-46444 — Flowiseai Flowise: Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it is also not protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but no permission checks exist on any operation. This CVSSv3.1 8.8 (HIGH) · EPSS 24th percentile

CWE: CWE-862 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · CRIT

CVE-2026-46442 — Flowiseai Flowise: The result is authenticated remote code execution on the Flowise server host.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2B_APIKEY is not configured — the common deployment case — Flowise executes this code inside a NodeVM sandbox. This sandbox can be escaped, allowing an attacker to reach the host process o CVSSv3.1 9.9 (CRITICAL) · EPSS 57th percentile

CWE: CWE-94 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 9.9 · Score: 100
2026-06-08 16:16Z · CRIT

CVE-2026-46441 — Flowiseai Flowise: The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field an CVSSv3.1 9.6 (CRITICAL) · EPSS 15th percentile

CWE: CWE-639, CWE-284, CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-06-08 16:16Z · CRIT

CVE-2026-46440 — Flowiseai Flowise: Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2. CVSSv3.1 9.1 (CRITICAL) · EPSS 13th percentile

CWE: CWE-522 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-06-08 16:16Z · CRIT

CVE-2026-44631 — Apache HTTP Server: Buffer underwrite vulnerability on crafted regular expressions in the configuration.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-44631

Buffer underwrite vulnerability in Apache HTTP Server, triggered by crafted regular expressions in the configuration. This issue affects Apache HTTP Server from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-124 · Vendor: Buffer · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-06-08 16:16Z · HIGH

CVE-2026-42863 — Flowiseai Flowise: The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side validation and authorization checks, an authenticated user can manipulate internal at CVSSv3.1 8.1 (HIGH) · EPSS 16th percentile

CWE: CWE-639, CWE-284, CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-06-08 16:16Z · CRIT

CVE-2026-42861 — Flowiseai Flowise: The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and r CVSSv3.1 9.6 (CRITICAL) · EPSS 16th percentile

CWE: CWE-639, CWE-284, CWE-915 · Vendor: Flowiseai, Flowise · Type: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-06-08 16:16Z · CRIT

CVE-2026-42535 — A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-42535

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue. CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-668 · Type: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-06-08 16:16Z · CRIT

CVE-2026-29167 — Apache HTTP Server: Use-after-free vulnerability with mod_ldap in per-directory configuration.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-29167

Use-after-free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-416 · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-06-08 16:16Z · HIGH

CVE-2026-11528 — Tenda: The manipulation of the argument callback results in stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-11528

A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Vendor: Tenda · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-06-08 16:16Z · HIGH

CVE-2026-11524 — The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow.

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-11524

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94