newsThe portal itself — self-promo until real sponsors land
Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
25 results//sorted by published//last sync 2026-06-18 06:36Z
Subscribe to news →
CVE-2026-11523 — Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow.
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11522 — Tenda: Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow.
A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
Keeping a Short Leash: New AzureHound Least-Privilege Documentation
SpecterOps·specterops.io
SpecterOps published comprehensive least-privilege permission documentation for AzureHound, the BloodHound data collector for Microsoft Entra ID and Azure Resource Manager. The research maps 17 Microsoft Graph endpoints to 8 granular application permissions and 17 ARM endpoints to specific RBAC actions, replacing the previous broad Directory.Read.All and Reader role assignments. The work includes validation methodology, permission matrices, and updated deployment scripts shipping with the narrower permission set by default.
68
Edit Score
v9.3.0-rc1
BloodHound v9.3.0-rc1 release candidate published with numerous feature additions, bug fixes, and dependency updates. Changes include new privilege zone metrics, alerts framework enhancements, ADCS post-processing optimizations, and accessibility improvements across the UI.
42
Edit Score
CVE-2026-11517 — UTT: Executing a manipulation of the argument GroupName can lead to buffer overflow.
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
Surviving the surge of new Linux LPE : Defense in Depth not dead
Synacktiv analyzes recent Linux LPE vulnerabilities (Crackarmor, Copy Fail, Dirty Frag) and demonstrates that traditional defense-in-depth hardening—restrictive setuid binary permissions and kernel module allowlisting—effectively mitigates exploitation chains before patches are available. The article provides practical implementation guidance using dpkg-statoverride and /proc/sys/kernel/modules_disabled to shift from default-allow to default-block posture.
72
Edit Score
Off By !: Exploiting a Use-after-Free in the Linux Kernel
Exodus Intelligence disclosed a use-after-free vulnerability (CVE-2026-23111) in the Linux kernel's nftables subsystem affecting the pipapo set implementation. The flaw exists in the nft_map_catchall_activate() function which incorrectly skips deactivated catchall elements during abort processing, leaving reference counters in an inconsistent state. This enables local privilege escalation from unprivileged user to root on Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS; the vulnerability was patched upstream on 5 February 2026.
82
Edit Score
CVE-2026-50751 — A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. CVSSv3.1 9.3 (CRITICAL)
9.3
CVSS v3.1
97
Edit Score
CVE-2026-11504 — Tenda: Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow.
A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11503 — Such manipulation of the argument ssid leads to stack-based buffer overflow.
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-41724 — VMware: Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. CVSSv3.1 8.0 (HIGH)
8.0
CVSS v3.1
90
Edit Score
CVE-2026-41723 — VMware: Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. CVSSv3.1 8.0 (HIGH)
8.0
CVSS v3.1
90
Edit Score
CVE-2026-41722 — VMware: Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. CVSSv3.1 8.0 (HIGH)
8.0
CVSS v3.1
90
Edit Score
CVE-2026-11499 — Tenda: Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow.
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-11498 — Tenda: Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow.
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2024-58349 — WordPress: Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2024-58348 — WordPress: Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2023-54352 — WordPress: Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
WinRAR path-traversal vulnerability CVE-2025-8088 (CVSS 8.4), patched in July 2025, continues to be actively exploited by multiple Russia-aligned threat actors including SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon) against Ukrainian targets through April 2026. The flaw exploits NTFS Alternate Data Streams to silently write files outside extraction directories, enabling initial access via email-delivered RAR archives with decoy documents. SHADOW-EARTH-066 has evolved from basic Excel macro droppers with plaintext Telegram exfiltration to sophisticated WinRAR exploit chains delivering an updated GIFTEDCROOK information stealer with in-memory DLL loading, dual-layer RC4 encryption, Chrome App-Bound Encryption bypass, and dedicated C&C infrastructure.
82
Edit Score
CVE-2026-26422 — clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. CVSSv3.1 8.4 (HIGH)
8.4
CVSS v3.1
92
Edit Score
CVE-2026-11413 — The manipulation leads to stack-based buffer overflow.
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-7654 — Admin: The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serial CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11416 — MoviePilot: contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename normalization or path validation. An attacker who controls a filename returned by a remote cloud storage API can include traversal sequences ../ in the filename to cause downloaded conten CVSSv3.1 8.1 (HIGH)
8.1
CVSS v3.1
91
Edit Score
CVE-2026-45779 — Buffalo Open_xdmod: An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023- CVSSv3.1 9.8 (CRITICAL) · EPSS 76th percentile
9.8
CVSS v3.1
99
Edit Score
CVE-2026-45777 — Buffalo Open_xdmod: This could allow an attacker to read or modify application data, alter system configuration
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacte CVSSv3.1 9.8 (CRITICAL) · EPSS 14th percentile
9.8
CVSS v3.1
99
Edit Score