Latest intel // live feed
CVE-2026-42682 — Authorization: Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-42680 — Incorrect: Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-10259 — Such manipulation of the argument param leads to stack-based buffer overflow.
A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)
CVE-2024-40646 — Vertex: Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit fbde301b97986d5913fc4bc95f5445750d282e11 to receive a patch. CVSSv3.1 8.6 (HIGH)
Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution
A use-after-free vulnerability in Adobe Acrobat Reader's Escript.api module allows remote code execution via malicious PDF documents. The flaw stems from desynchronization between two bookkeeping mechanisms (reference counting and event scope stack) when exception handlers fail to properly clean up scoped objects during stack overflow conditions. An attacker can exploit __defineGetter__ to recursively invoke util.scand() and exhaust the C++ stack, leaving a dangling pointer that can be dereferenced for arbitrary code execution.
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow in HP Poly VVX and Trio VoIP phones that allows remote code execution without authentication. The vulnerability bypasses modern memory protections and can be exploited to gain root access on trusted office devices. The research highlights the emerging threat of compromised VoIP phones as collection points for high-quality audio data to feed AI-powered impersonation and social engineering attacks.
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Rapid7 discovered a critical unauthenticated stack-based buffer overflow (CVE-2026-0826, CVSS 9.2) in HP Poly VVX and Trio VoIP phones affecting all VVX models and three Trio models. The vulnerability exists in the parsing of SDP ICE candidate attributes and allows remote code execution with root privileges when ICE is enabled. Patches are available: VVX UCS 6.4.8, Trio 8300 UCS 8.1.7, Trio 8500/8800 UCS 7.2.8.
Containers on fire: from container escapes to supply chain attacks
Kaspersky's comprehensive analysis of container attack vectors covering exploitation of host vulnerabilities (runC, cgroups), malicious activity within containers, container escape techniques via Linux capability misconfigurations (CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_PTRACE, CAP_NET_ADMIN), orchestration API abuse, and supply chain attacks including Docker Hub poisoning. The article details real-world APT campaigns like TeamPCP's Checkmarx KICS compromise and provides technical walkthroughs of escape primitives including kernel module injection and ptrace-based process hijacking.
CVE-2026-9024 — Stored: A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process
A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in a user's browser session. CVSSv3.1 8.7 (HIGH)
CVE-2026-7858 — Deserialization: A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x
A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-49298 — Apache: A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints — triggering Dag runs, clearing runs, CVSSv3.1 8.8 (HIGH)
CVE-2026-49157 — Incorrect: Default Permissions vulnerability in Apache ActiveMQ.
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which allowed executing broker management operations meant for admins such as addQueue and removeQueue. Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue. CVSSv3.1 8.8 (HIGH)
CVE-2026-45505 — Input: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as `masterslave:vm://...,...` and `static:vm://...` incorrectly pass validation, allowing a bypass of the fix for CVE-2026-34197. Original description from CVE-2026-34197: Apache ActiveMQ exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolo CVSSv3.1 8.8 (HIGH)
CVE-2026-44825 — Hardcoded: credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr
Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allow a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, admin, search, index) from security.json or change their passwords. The future, no CVSSv3.1 8.1 (HIGH)
CVE-2026-42588 — Input: Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String). An authenticated attacker can invoke these operations with CVSSv3.1 8.1 (HIGH)
CVE-2026-42359 — Apache: The endpoint also accepted serialized payload shapes the triggerer's deserializer treats as code; combined
A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (e.g. `return_value`) that the matching POST endpoint already validated against `FORBIDDEN_XCOM_KEYS`. The endpoint also accepted serialized payload shapes the triggerer's deserializer treats as code; combined, this allowed RCE on the triggerer when the affected task next deferred. CVSSv3.1 8.8 (HIGH)
CVE-2026-42252 — Apache: Dag authors who copied the pattern verbatim into deployments where users had `Dag.can_trigger` permission
Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into deployments where users had `Dag.can_trigger` permission on the affected Dag (typical multi-team deployments, hosted offerings exposing a trigger API) could be exposed to she CVSSv3.1 9.1 (CRITICAL)
CVE-2026-35563 — Apache Directory_ldap_api: While the underlying code validates the certificate chain against a trusted authority, the absence
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid certificate issued for an entirely unrelated host to be improperly accepted. This oversight leaves the connection highly vulnerable to server impersonation and complete connection compr CVSSv3.1 8.5 (HIGH)
FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm
Sekoia's TDR team reconstructed a complete Gamaredon (FSB-linked) infection chain deployed in January 2026 targeting Ukrainian government and military entities. The campaign chains spearphishing with weaponized xHTML/RAR files exploiting CVE-2025-8088 to deploy a modular malware ecosystem (GammaPhish, GammaLoad, GammaWorm, GammaSteel) that establishes persistence, propagates via USB/network shares, and exfiltrates documents to cloud storage. The report establishes a unified taxonomy across a decade of fragmented Gamaredon nomenclature and documents novel evasion techniques including NTFS Alternate Data Streams, Dead Drop Resolvers, and redundant backdoor capabilities at every infection stage.
CVE-2026-48188 — Input: An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X before 2026.4.X; ((OTRS)) Community Edition: 6.0.x. Products based on the ( CVSSv3.1 9.1 (CRITICAL)
CVE-2026-20452 — In wlan AP driver, there is a possible memory corruption due to a heap
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295. CVSSv3.1 8.0 (HIGH)
CVE-2026-10206 — Performing a manipulation of the argument str results in stack-based buffer overflow.
A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in a stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The initial researcher advisory lists contradictory parameter names as affected. CVSSv3.1 8.8 (HIGH)
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet
Pwn2Own Berlin 2026 disclosed 47 zero-days across AI, enterprise, and virtualization targets, with $1.29M in payouts. AI products dominated the event, with every compromise rooted in 'trust boundary' failures where AI agents unconditionally trust external tools and protocols. Critical findings include Microsoft Exchange SYSTEM RCE, SharePoint pre-auth RCE, Edge sandbox escape, and VMware ESXi guest-to-host escape with cross-tenant implications.
Scala Security Audit
Quarkslab conducted a comprehensive security audit of Scala 3 on behalf of OSTIF, identifying 9 vulnerabilities across the compiler, standard library, and tooling. Findings include a deserialization gadget in ProcessBuilderImpl, stored XSS in Scaladoc, command injection in CI/CD workflows, and logic bugs in collection operations and TASTy parsing.
CVE-2026-8796 — Sereal: Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORT_BINARY pattern (an inline string whose length is encoded in the low bits of the tag), the resulting read is not bounded to precede the COPY tag's own offset and can run past the en CVSSv3.1 8.1 (HIGH)