Browse all 9 CVE security advisories affecting hwk-fr. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hwk-fr is a hardware keylogger designed for monitoring and capturing keystrokes on target systems. Historically, it has been associated with multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insecure firmware implementations and inadequate input validation. The device has been exploited in various security incidents where attackers leveraged its weaknesses to gain unauthorized access or escalate privileges on compromised systems. With seven CVEs documented, hwk-fr presents significant security risks, particularly in environments where physical access to devices is possible. Its design and implementation have repeatedly demonstrated security shortcomings that could lead to complete system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-8809 | Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter — Advanced Custom Fields: ExtendedCWE-269 | 9.8 | Critical | 2026-05-28 |
| CVE-2025-15463 | Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution — Advanced Custom Fields: ExtendedCWE-94 | 6.5 | Medium | 2026-05-12 |
| CVE-2025-14533 | Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action — Advanced Custom Fields: ExtendedCWE-269 | 9.8 | Critical | 2026-01-20 |
| CVE-2025-13486 | Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form — Advanced Custom Fields: ExtendedCWE-94 | 9.8 | Critical | 2025-12-03 |
| CVE-2023-5292 | Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Advanced Custom Fields: ExtendedCWE-79 | 6.4 | Medium | 2023-10-20 |
This page lists every published CVE security advisory associated with hwk-fr. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.