Latest intel // live feed
CVE-2026-8421 — Concretecms Concrete_cms
Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under DIR_PACKAGES/<handle>/, can force the installation of that package without any CSRF protection. Package installation executes the package controller's install() method as the web s…
CVSSv3.1 8.8 (HIGH)
CVE-2026-8417 — Concretecms Concrete_cms
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete/controllers/single_page/dashboard/extend/update.php checks only canInstallPackages() before executing upgradeCoreData() and upgrade() on the named package's controller. Because the endpoint is a state-changing GET route with no token enforcement, an attacker can force an authenticated administrator to trig…
CVSSv3.1 8.8 (HIGH)
CVE-2026-8350 — Concretecms Concrete_cms
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in bulk_user_assignment.php, which can lead to privilege escalation to the Administrative group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove legitimate admins. The Concrete CMS security team gave this vulnerability a CVSS v4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks Vin…
CVSSv3.1 8.8 (HIGH)
CVE-2026-47102 — LiteLLM
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint a…
CVSSv3.1 8.8 (HIGH)
CVE-2026-47101 — LiteLLM
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privil…
CVSSv3.1 8.8 (HIGH)
CVE-2026-9082 — Drupal SQL Injection Vulnerability
CVE-2026-9082 is a critical SQL injection vulnerability in Drupal core affecting PostgreSQL-backed deployments (versions 8.9.0–11.3.9). The flaw exists in Drupal's database abstraction API where unauthenticated attackers can bypass query sanitization via specially crafted requests, leading to arbitrary SQL execution, credential theft, privilege escalation, and potential RCE. Patches are available across all supported branches; MySQL/MariaDB/SQLite deployments are unaffected.
CVE-2026-23734 — XWiki Path Traversal Vulnerability
CVE-2026-23734 is a critical path traversal vulnerability in XWiki's xwiki-commons-classloader-api component affecting the ssx and jsx endpoints. An unauthenticated attacker can bypass path traversal protections using a leading slash in the resource parameter to read sensitive configuration files including credentials and database connection strings. The vulnerability is an incomplete fix for CVE-2025-55748 and is remotely exploitable without authentication.
CVE-2026-47114 — IINA
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command execution as the current macOS user upon approval of the browser protocol prompt.
CVSSv3.1 8.8 (HIGH)
CVE-2026-48242 — Open ISES Tickets
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.
CVSSv3.1 8.1 (HIGH)
CVE-2026-48241 — Open ISES Tickets
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.
CVSSv3.1 8.1 (HIGH)
CVE-2026-48235 — Open ISES Tickets
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into UPDATE and INSERT statements without sanitization. An attacker able to compromise or impersonate the remote GPS tracker endpoint can inject SQL to manipulate the responder location, t…
CVSSv3.1 8.2 (HIGH)
CVE-2026-48207 — Apache Fory PyFory
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory Python-native mode with strict mode disabled and relies on DeserializationPolicy to restrict unsafe classes, functions, or module attributes. This issue affects Apache Fory: from before 1…
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-9089 — ConnectWise
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
CVSSv3.1 8.8 (HIGH)
CVE-2026-39531 — WP Directory Kit
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0.
CVSSv3.1 9.3 (CRITICAL)
Introducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound
SpecterOps released TailscaleHound, an OpenGraph collector for BloodHound that maps Tailscale network topology, identity relationships, ACLs, SSH rules, routes, and hybrid Azure identities into queryable attack paths. The tool supports both remote API collection and local status-file collection, enabling red teams to identify lateral movement, privilege escalation, and access paths through Tailscale infrastructure.
CVE-2026-2740 — Zohocorp ManageEngine
Zohocorp ManageEngine ADSelfService Plus versions before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to authenticated remote code execution on the agent machines due to a bug in a third-party dependency.
CVSSv3.1 8.4 (HIGH)
CVE-2025-71211 — Trend Micro Apex One
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have a…
CVSSv3.1 9.8 (CRITICAL)
CVE-2025-71210 — Trend Micro Apex One
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action is required. For this particular vulnerability, a…
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5118 — Divi Form Builder
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured default_user_role setting. This makes it possible for unauthenticated attackers to create administrator accounts by tampering with the role parameter during registration.
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-43501 — Linux kernel
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows. ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6_hdr->daddr, recompresses, then pulls the old header and pushes the new one plus the IPv6 header back. The recompressed header can be larger than the received one when the swap reduces the common-prefix length the segments share with daddr (CmprI…
CVSSv3.1 9.8 (CRITICAL)
CVE-2026-43495 — Linux kernel
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler. t7xx_port_enum_msg_handler() uses the modem-supplied port_count field as a loop bound over port_msg->data[] without checking that the message buffer contains sufficient data. A modem sending port_count=65535 in a 12-byte buffer triggers a slab-out-of-bounds read of up to 262140 bytes. Add a sizeof(*port_msg) check bef…
CVSSv3.1 8.8 (HIGH)
Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement
Rapid7's Q1 2026 Threat Landscape Report reveals that vulnerability exploitation (38% of initial access) has surpassed social engineering, with over 50% of exploited vulnerabilities being zero-click network-facing flaws requiring no authentication. Geopolitical tensions drove coordinated state-sponsored campaigns targeting infrastructure and persistent access, while law enforcement disrupted major ransomware marketplaces (RAMP, LeakBase), pushing threat actors toward decentralized operations and pure extortion tactics focused on data theft over encryption.
CVE-2026-45253 — ptrace(PT_SC_REMOTE)
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
CVSSv3.1 8.4 (HIGH)
CVE-2026-39461 — libcasper(3)
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, ma…
CVSSv3.1 8.8 (HIGH)
CVE-2026-9157 — Gmission Web Fax
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.
CVSSv3.1 8.4 (HIGH)