https://shimiscyberworld.com/posts/more-than-10-million-stolen-from-crypto-platform-thorchain-cuypo/ Shimi's Cyber World en 2026-05-15T22:31:00+03:00 THORChain Suffers $10.7M Crypto Heist from Vault Compromisethreat-intel, data-breach, government https://shimiscyberworld.com/posts/funnel-builder-wordpress-plugin-bug-exploited-to-steal-credi-uvfof/ Shimi's Cyber World en 2026-05-15T22:30:33+03:00 Funnel Builder WordPress Plugin Exploited to Steal Credit Cardsthreat-intel, data-breach, malware, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-8686/ Shimi's Cyber World en 2026-05-15T22:17:05+03:00 coreMQTT CVE-2026-8686: DoS via Crafted MQTT v5.0 Packetvulnerability, cve, high-severity, denial-of-service, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-46408/ Shimi's Cyber World en 2026-05-15T22:17:04+03:00 Vvveb CMS Vulnerability (CVE-2026-46408) Allows Cart Hijackingvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-46407/ Shimi's Cyber World en 2026-05-15T22:17:04+03:00 Vvveb CMS API Token Disclosure (CVE-2026-46407) High Severityvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-46367/ Shimi's Cyber World en 2026-05-15T22:17:04+03:00 phpMyFAQ Stored XSS: Authenticated Users Can Steal Admin Sessionsvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-46366/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 phpMyFAQ Information Disclosure (CVE-2026-46366) Exposes Restricted Contentvulnerability, cve, high-severity, information-disclosure, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-46364/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 CVE-2026-46364: Critical SQL Injection in phpMyFAQ Unauthenticated API Accessvulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-46361/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 CVE-2026-46361 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-46359/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 CVE-2026-46359: phpMyFAQ SQL Injection via OAuth Token Claimsvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45010/ Shimi's Cyber World en 2026-05-15T22:17:01+03:00 CVE-2026-45010: phpMyFAQ 2FA Bypass Grants Admin Accessvulnerability, cve, critical, high-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-44826/ Shimi's Cyber World en 2026-05-15T22:17:00+03:00 Vvveb CMS CVE-2026-44826 Allows Negative Order Totals, Exposing Merchants to Financial Fraudvulnerability, cve, high-severity, cwe-1284 https://shimiscyberworld.com/posts/nvd-CVE-2021-47966/ Shimi's Cyber World en 2026-05-15T22:16:56+03:00 CVE-2021-47966: PHP Timeclock SQLi Exposes Employee Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47965/ Shimi's Cyber World en 2026-05-15T22:16:56+03:00 WordPress Plugin WP Super Edit RCE via Unrestricted File Uploadvulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2021-47964/ Shimi's Cyber World en 2026-05-15T22:16:56+03:00 Schlix CMS RCE (CVE-2021-47964) Exposes Servers to Authenticated Attackersvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2021-47963/ Shimi's Cyber World en 2026-05-15T22:16:55+03:00 Anote 1.0 RCE via Persistent XSS (CVE-2021-47963)vulnerability, cve, high-severity, remote-code-execution, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2021-47959/ Shimi's Cyber World en 2026-05-15T22:16:55+03:00 WordPress WPGraphQL DoS: Unauthenticated Attackers Can Crash Serversvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-8695/ Shimi's Cyber World en 2026-05-15T20:16:49+03:00 CVE-2026-8695: radare2 Use-After-Free Allows Remote Code Executionvulnerability, cve, high-severity, code-execution, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-46383/ Shimi's Cyber World en 2026-05-15T20:16:49+03:00 CVE-2026-46383 — Microsoft APM is an open-source, community-drivenvulnerability, cve, medium-severity, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-45539/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 Microsoft APM Vulnerability CVE-2026-45539 Exposes AI Agent Filesvulnerability, cve, high-severity, cwe-59, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-45037/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 Tabby Terminal Vulnerability CVE-2026-45037 Allows OS Protocol Handler Hijackvulnerability, cve, high-severity, cwe-184, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-45036/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 CVE-2026-45036: Tabby Terminal ZMODEM Flaw Enables Code Executionvulnerability, cve, high-severity, code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-44717/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 CVE-2026-44717: Critical RCE in MCP Calculate Server Due to `eval()`vulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44714/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44714: bitcoinj Library Flaw Allows Arbitrary P2PKH/P2WPKH Spendsvulnerability, cve, high-severity, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-44641/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44641: Microsoft APM Plugin Path Traversal Vulnerabilityvulnerability, cve, high-severity, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-44310/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44310 — Gitsign is a keyless Sigstore to signing tool for Gitvulnerability, cve, medium-severity, cwe-129, cwe-390 https://shimiscyberworld.com/posts/nvd-CVE-2026-44309/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44309 — Gitsign is a keyless Sigstore to signing tool for Gitvulnerability, cve, medium-severity, cwe-295, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-42207/ Shimi's Cyber World en 2026-05-15T20:16:46+03:00 CVE-2026-42207 — Magento Long Term Support (LTS) is an unofficial,vulnerability, cve, medium-severity, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-41258/ Shimi's Cyber World en 2026-05-15T20:16:46+03:00 OpenMRS RCE: Critical Vulnerability Allows Unrestricted Java Reflectionvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-23695/ Shimi's Cyber World en 2026-05-15T20:16:45+03:00 CVE-2026-23695 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/popular-node-ipc-npm-package-compromised-to-steal-credential-x3md6/ Shimi's Cyber World en 2026-05-15T20:10:42+03:00 node-ipc npm Package Compromised to Steal Credentialsthreat-intel, data-breach, malware, identity https://shimiscyberworld.com/posts/turla-turns-kazuar-backdoor-into-modular-p2p-botnet-for-pers-tljha/ Shimi's Cyber World en 2026-05-15T20:10:25+03:00 Turla Transforms Kazuar Backdoor into Modular P2P Botnetthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-45736/ Shimi's Cyber World en 2026-05-15T18:16:54+03:00 CVE-2026-45736 — ws is an open source WebSocket client and server forvulnerability, cve, medium-severity, cwe-908 https://shimiscyberworld.com/posts/in-other-news-big-tech-vs-canada-encryption-bill-cisco-s-f-iomva/ Shimi's Cyber World en 2026-05-15T17:52:16+03:00 Nvidia, Android, Audi, Canvas: Security Week Highlights Key Flawsthreat-intel, vulnerability, data-breach, cloud, ai-security https://shimiscyberworld.com/posts/four-openclaw-flaws-enable-data-theft-privilege-escalation-a7v6t/ Shimi's Cyber World en 2026-05-15T16:35:04+03:00 OpenClaw Flaws Chained for Data Theft, Persistencethreat-intel, vulnerability, malware, cloud https://shimiscyberworld.com/posts/cisa-orders-all-federal-agencies-to-patch-exploited-bug-in-c-dxy9y/ Shimi's Cyber World en 2026-05-15T16:16:00+03:00 CISA Mandates Cisco SD-WAN Patch for Federal Agenciesthreat-intel, data-breach, government, vulnerability, identity, tools https://shimiscyberworld.com/posts/attackers-replaced-jdownloader-installer-downloads-with-malw-ne7yp/ Shimi's Cyber World en 2026-05-15T15:45:47+03:00 JDownloader Installer Compromised, Delivering Python RAT via Unpatched CMSmalware, threat-intel, ransomware, vulnerability, data-breach, microsoft, identity https://shimiscyberworld.com/posts/telegram-1427288221-8931/ Shimi's Cyber World en 2026-05-15T15:03:45+03:00 Robotic Lawn Mower Vulnerability: Remote Control Exposes Physical Riskisrael https://shimiscyberworld.com/posts/american-lending-center-data-breach-affects-123-000-individu-m967u/ Shimi's Cyber World en 2026-05-15T14:06:55+03:00 American Lending Center Data Breach Exposes 123,000 Individualsthreat-intel, vulnerability, malware, ransomware, data-breach https://shimiscyberworld.com/posts/what-45-days-of-watching-your-own-tools-will-tell-you-about-5do30/ Shimi's Cyber World en 2026-05-15T14:00:00+03:00 Trusted Tools: The Silent Threat in Your Attack Surfacethreat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-41971/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41971 — Permission control vulnerability in the security controlvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41970/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41970 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-41969/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41969 — Permission control vulnerability in the projection module.vulnerability, cve, medium-severity, cwe-275 https://shimiscyberworld.com/posts/nvd-CVE-2026-41968/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41968 — Permission control vulnerability in the manufacturabilityvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41967/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41967 — Permission control vulnerability in the manufacturabilityvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41966/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41966 — Permission control vulnerability in the smart sensingvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41965/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41965 — Use-After-Freevulnerability, cve, medium-severity, use-after-free, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41964/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41964: High-Severity Web Permission Control Vulnerability Disclosedvulnerability, cve, high-severity, cwe-362 https://shimiscyberworld.com/posts/nvd-CVE-2026-41961/ Shimi's Cyber World en 2026-05-15T13:16:34+03:00 CVE-2026-41961 — Permission control vulnerability in contacts. Impact:vulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41960/ Shimi's Cyber World en 2026-05-15T13:16:33+03:00 CVE-2026-41960 — Permission control vulnerability in calls. Impact:vulnerability, cve, medium-severity, cwe-200 https://shimiscyberworld.com/posts/gremlin-stealer-s-evolved-tactics-hiding-in-plain-sight-wit-271z9/ Shimi's Cyber World en 2026-05-15T13:00:52+03:00 Gremlin Stealer Evolves with Advanced Obfuscation, Crypto Clippingthreat-intel, apt, malware, research, unit-42 https://shimiscyberworld.com/posts/teampcp-ups-the-game-releases-shai-hulud-worm-s-source-code-cpe3q/ Shimi's Cyber World en 2026-05-15T12:47:09+03:00 TeamPCP Releases Shai-Hulud Worm Source Code, Incentivizes Supply Chain Attacksthreat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attac-obplf/ Shimi's Cyber World en 2026-05-15T12:40:42+03:00 Microsoft Exchange Zero-Day Exploited via XSS in Outlook on the webthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-8425/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-8425 — The Notify Odoo plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-8398/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-8398: DAEMON Tools Lite Supply Chain Compromisevulnerability, cve, critical, high-severity, cwe-506 https://shimiscyberworld.com/posts/nvd-CVE-2026-7563/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-7563 — The Classified Listing – AI-Powered Classified ads &vulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-7046/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-7046 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6415/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-6415 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6403/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 WordPress Quick Playground Plugin Path Traversal (CVE-2026-6403)vulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-6228/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 CVE-2026-6228: WordPress Frontend Admin Plugin Privilege Escalationvulnerability, cve, high-severity, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-5229/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 WordPress Form Notify Plugin: Critical Authentication Bypass (CVE-2026-5229)vulnerability, cve, critical, high-severity, authentication-bypass, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-4683/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 CVE-2026-4683 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-862 https://shimiscyberworld.com/posts/telegram-1542954397-4588/ Shimi's Cyber World en 2026-05-15T12:05:28+03:00 Google Pixel Contextual Suggestions Raise Privacy Concerns https://shimiscyberworld.com/posts/chrome-148-update-patches-critical-vulnerabilities-yx1wy/ Shimi's Cyber World en 2026-05-15T10:25:15+03:00 Chrome 148 Update Patches Critical Vulnerabilitiesthreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-6646/ Shimi's Cyber World en 2026-05-15T10:16:20+03:00 CVE-2026-6646 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-4094/ Shimi's Cyber World en 2026-05-15T10:16:20+03:00 CVE-2026-4094: WooCommerce Currency Switcher Plugin Vulnerable to Data Lossvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41702/ Shimi's Cyber World en 2026-05-15T10:16:18+03:00 VMware Fusion TOCTOU Flaw Grants Root Privilegesvulnerability, cve, high-severity, cwe-367 https://shimiscyberworld.com/posts/nvd-CVE-2026-28761/ Shimi's Cyber World en 2026-05-15T09:16:20+03:00 Musetheque V4 CSRF Vulnerability (CVE-2026-28761) Poses High Riskvulnerability, cve, high-severity, information-disclosure, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-24662/ Shimi's Cyber World en 2026-05-15T09:16:19+03:00 CVE-2026-24662 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-2652/ Shimi's Cyber World en 2026-05-15T06:16:23+03:00 mlflow Unauthenticated Access: FastAPI Routes Exposed in Versions < 3.10.0vulnerability, cve, high-severity, authentication-bypass, cwe-305 https://shimiscyberworld.com/posts/teampcp-hackers-advertise-mistral-ai-code-repos-for-sale-weqm4/ Shimi's Cyber World en 2026-05-15T01:50:36+03:00 Mistral AI Source Code Advertised for Sale by TeamPCPthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-6811/ Shimi's Cyber World en 2026-05-15T01:16:45+03:00 CVE-2026-6811 — Stack exhaustion vulnerability in the MongoDB PHP drivervulnerability, cve, medium-severity, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-45248/ Shimi's Cyber World en 2026-05-15T01:16:45+03:00 CVE-2026-45248 — The GET /Api/V1/Demo/Registered-Users Endpoint That Authentication Bypassvulnerability, cve, medium-severity, authentication-bypass, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-44671/ Shimi's Cyber World en 2026-05-15T01:16:44+03:00 ZITADEL LDAP Filter Injection Exposes Usernames, Attributesvulnerability, cve, high-severity, authentication-bypass, cwe-90 https://shimiscyberworld.com/posts/nvd-CVE-2026-45370/ Shimi's Cyber World en 2026-05-15T00:16:48+03:00 CVE-2026-45370: python-utcp Exposes Process Secrets via Environment Variablesvulnerability, cve, high-severity, cwe-526 https://shimiscyberworld.com/posts/nvd-CVE-2026-45369/ Shimi's Cyber World en 2026-05-15T00:16:48+03:00 CVE-2026-45369: Python-UTCP RCE via Unsanitized Shell Commandsvulnerability, cve, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-44673/ Shimi's Cyber World en 2026-05-15T00:16:47+03:00 CVE-2026-44673: libyang Integer Overflow Leads to Heap Corruptionvulnerability, cve, high-severity, buffer-overflow, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-44661/ Shimi's Cyber World en 2026-05-15T00:16:47+03:00 CVE-2026-44661 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-44212/ Shimi's Cyber World en 2026-05-15T00:16:46+03:00 PrestaShop XSS: Critical Back-Office Takeover via Customer Service Viewvulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-8634/ Shimi's Cyber World en 2026-05-14T23:17:21+03:00 CVE-2026-8634: Crabbox Environment Variable Exposure Critical Vulnerabilityvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-8629/ Shimi's Cyber World en 2026-05-14T23:17:21+03:00 CVE-2026-8629: Crabbox Privilege Escalation Puts Shared Environments at Riskvulnerability, cve, high-severity, privilege-escalation, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-8597/ Shimi's Cyber World en 2026-05-14T23:17:21+03:00 Amazon SageMaker Python SDK: RCE via Missing Integrity Verification (CVE-2026-8597)vulnerability, cve, high-severity, code-execution, cwe-354 https://shimiscyberworld.com/posts/nvd-CVE-2026-8596/ Shimi's Cyber World en 2026-05-14T23:17:21+03:00 Amazon SageMaker Python SDK: CVE-2026-8596 Allows Code Executionvulnerability, cve, high-severity, code-execution, cwe-312 https://shimiscyberworld.com/posts/nvd-CVE-2026-44637/ Shimi's Cyber World en 2026-05-14T23:17:08+03:00 libsixel Signed Integer Overflow (CVE-2026-44637) Leads to Heap Writevulnerability, cve, high-severity, buffer-overflow, cwe-190, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-44636/ Shimi's Cyber World en 2026-05-14T23:17:08+03:00 CVE-2026-44636: libsixel Integer Overflow Leads to Heap Buffer Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-122, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-43996/ Shimi's Cyber World en 2026-05-14T23:17:07+03:00 CVE-2026-43996 — OpenImageIO is a toolset for reading, writing, andvulnerability, cve, medium-severity, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-43909/ Shimi's Cyber World en 2026-05-14T23:17:07+03:00 CVE-2026-43909: OpenImageIO Vulnerability Exposes Apps to OOB Read/Writevulnerability, cve, high-severity, out-of-bounds-1, cwe-125, cwe-190, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-43908/ Shimi's Cyber World en 2026-05-14T23:17:06+03:00 OpenImageIO CVE-2026-43908: High-Severity Integer Overflow Leads to RCEvulnerability, cve, high-severity, out-of-bounds-1, cwe-190, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-43907/ Shimi's Cyber World en 2026-05-14T23:17:06+03:00 OpenImageIO CVE-2026-43907: Heap Overflow in DPX Processingvulnerability, cve, high-severity, code-execution, cwe-190, cwe-787 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-14T23:00:00+03:00 Daily Security Digest — 2026-05-14daily-digest, vulnerability, cve, critical, high-severity, cwe-287, cwe-326, cwe-1391, cwe-89, cwe-436 https://shimiscyberworld.com/posts/nvd-CVE-2026-8621/ Shimi's Cyber World en 2026-05-14T22:16:39+03:00 CVE-2026-8621: Crabbox Authentication Bypass Allows Impersonationvulnerability, cve, high-severity, authentication-bypass, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-45375/ Shimi's Cyber World en 2026-05-14T22:16:39+03:00 CVE-2026-45375: Critical XSS in SiYuan Knowledge Management Systemvulnerability, cve, critical, high-severity, cwe-79, cwe-116 https://shimiscyberworld.com/posts/nvd-CVE-2026-45148/ Shimi's Cyber World en 2026-05-14T22:16:38+03:00 CVE-2026-45148 — SiYuan is an open-source personal knowledge managementvulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-45147/ Shimi's Cyber World en 2026-05-14T22:16:38+03:00 CVE-2026-45147 — SiYuan is an open-source personal knowledge managementvulnerability, cve, medium-severity, cwe-285, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44633/ Shimi's Cyber World en 2026-05-14T22:16:38+03:00 Live Helper Chat REST API Vulnerability Allows Unauthorized Chat Tamperingvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-44592/ Shimi's Cyber World en 2026-05-14T22:16:38+03:00 Gradient CI/CD System Critical Vulnerability Allows Unauthenticated Worker Registrationvulnerability, cve, critical, high-severity, cwe-306, cwe-345, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44586/ Shimi's Cyber World en 2026-05-14T22:16:37+03:00 CVE-2026-44586: SiYuan Stored XSS Leads to RCE in Desktop Appvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79, cwe-94 https://shimiscyberworld.com/posts/openai-confirms-security-breach-in-tanstack-supply-chain-att-s9ovc/ Shimi's Cyber World en 2026-05-14T22:07:24+03:00 OpenAI Confirms Breach in TanStack Supply Chain Attackthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/windows-11-and-microsoft-edge-hacked-at-pwn2own-berlin-2026-xvl8t/ Shimi's Cyber World en 2026-05-14T21:53:50+03:00 Windows 11, Microsoft Edge Hacked at Pwn2Own Berlinthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/odni-taps-officials-to-coordinate-response-to-foreign-electi-92x49/ Shimi's Cyber World en 2026-05-14T21:21:00+03:00 ODNI Appoints Officials to Counter Foreign Election Threats for 2026threat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-46470/ Shimi's Cyber World en 2026-05-14T21:16:50+03:00 CVE-2026-46470 — GStreamer Gst-Plugins-Good Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-369 https://shimiscyberworld.com/posts/nvd-CVE-2026-46469/ Shimi's Cyber World en 2026-05-14T21:16:50+03:00 CVE-2026-46469 — GStreamer Gst-Plugins-Good Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-369 https://shimiscyberworld.com/posts/nvd-CVE-2026-44542/ Shimi's Cyber World en 2026-05-14T21:16:50+03:00 CVE-2026-44542: Critical Path Traversal in FileBrowser Quantumvulnerability, cve, critical, high-severity, arbitrary-file-access, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-44520/ Shimi's Cyber World en 2026-05-14T21:16:50+03:00 CVE-2026-44520 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-601, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42897/ Shimi's Cyber World en 2026-05-14T21:16:49+03:00 Microsoft Exchange Server XSS Allows Network Spoofing (CVE-2026-42897)vulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42572/ Shimi's Cyber World en 2026-05-14T21:16:47+03:00 CVE-2026-42572 — Hatchet is a platform for orchestrating background tasks,vulnerability, cve, medium-severity, cwe-639, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42334/ Shimi's Cyber World en 2026-05-14T21:16:47+03:00 Mongoose Query Sanitization Bypass Via $nor Operator (CVE-2026-42334)vulnerability, cve, high-severity, cwe-74 https://shimiscyberworld.com/posts/nvd-CVE-2026-41615/ Shimi's Cyber World en 2026-05-14T21:16:47+03:00 Microsoft Authenticator Critical Info Disclosure (CVE-2026-41615)vulnerability, cve, critical, high-severity, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2025-15024/ Shimi's Cyber World en 2026-05-14T21:16:35+03:00 CVE-2025-15024: Yordam Library Automation System Code Injectionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2025-15023/ Shimi's Cyber World en 2026-05-14T21:16:34+03:00 CVE-2025-15023: Yordam Library System Authorization Flawvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/stealer-backdoor-found-in-3-node-ipc-versions-targeting-deve-h82s7/ Shimi's Cyber World en 2026-05-14T20:22:43+03:00 Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secretsthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-44827/ Shimi's Cyber World en 2026-05-14T20:16:23+03:00 Diffusers RCE: Hugging Face Pipeline Loading Bypasses `trust_remote_code`vulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44516/ Shimi's Cyber World en 2026-05-14T20:16:23+03:00 CVE-2026-44516: Valtimo Logs Sensitive Data Regardless of Debug Settingsvulnerability, cve, high-severity, cwe-532 https://shimiscyberworld.com/posts/nvd-CVE-2026-44514/ Shimi's Cyber World en 2026-05-14T20:16:23+03:00 CVE-2026-44514 — Both The Desktop Deployment (Default Http://Localhost:7500) Vulnerabilityvulnerability, cve, medium-severity, cwe-1385 https://shimiscyberworld.com/posts/nvd-CVE-2026-44513/ Shimi's Cyber World en 2026-05-14T20:16:22+03:00 CVE-2026-44513: Diffusers RCE Bypasses trust_remote_code Flagvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44511/ Shimi's Cyber World en 2026-05-14T20:16:22+03:00 CVE-2026-44511: Katalyst Koi Admin Sessions Persist After Logoutvulnerability, cve, high-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-44312/ Shimi's Cyber World en 2026-05-14T20:16:22+03:00 CVE-2026-44312 — css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0,vulnerability, cve, medium-severity, cwe-295, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-42555/ Shimi's Cyber World en 2026-05-14T20:16:21+03:00 CVE-2026-42555: Valtimo RCE Via Spring Expression Languagevulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-20224/ Shimi's Cyber World en 2026-05-14T20:16:20+03:00 Cisco Catalyst SD-WAN Manager XXE Flaw Allows Arbitrary File Readvulnerability, cve, high-severity, arbitrary-file-access, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-20210/ Shimi's Cyber World en 2026-05-14T20:16:20+03:00 CVE-2026-20210 — The Web UI Of Cisco Catalyst SD-WAN Manager, Formerly SD-WAN Vulnerabilityvulnerability, cve, medium-severity, cwe-779 https://shimiscyberworld.com/posts/nvd-CVE-2026-20209/ Shimi's Cyber World en 2026-05-14T20:16:19+03:00 CVE-2026-20209 — The Web UI Of Cisco Catalyst SD-WAN Manager, Formerly SD-WAN Vulnerabilityvulnerability, cve, medium-severity, cwe-779 https://shimiscyberworld.com/posts/nvd-CVE-2026-20182/ Shimi's Cyber World en 2026-05-14T20:16:19+03:00 CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Leads to Admin Accessvulnerability, cve, critical, high-severity, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2025-62313/ Shimi's Cyber World en 2026-05-14T20:16:18+03:00 CVE-2025-62313 — HCL AION is affected by a vulnerability where adequatevulnerability, cve, medium-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2025-62310/ Shimi's Cyber World en 2026-05-14T20:16:18+03:00 CVE-2025-62310 — HCL AION is affected by a vulnerability where encryption isvulnerability, cve, medium-severity, cwe-319 https://shimiscyberworld.com/posts/nvd-CVE-2025-62308/ Shimi's Cyber World en 2026-05-14T20:16:17+03:00 CVE-2025-62308 — HCL AION is affected by a vulnerability where sensitivevulnerability, cve, medium-severity, cwe-201 https://shimiscyberworld.com/posts/nvd-CVE-2025-62305/ Shimi's Cyber World en 2026-05-14T20:16:16+03:00 CVE-2025-62305 — HCL AION is affected by a vulnerability where certainvulnerability, cve, medium-severity, cwe-201 https://shimiscyberworld.com/posts/nvd-CVE-2026-42589/ Shimi's Cyber World en 2026-05-14T19:16:21+03:00 CVE-2026-42589: Gotenberg RCE via ExifTool Argument Injectionvulnerability, cve, critical, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-42283/ Shimi's Cyber World en 2026-05-14T19:16:21+03:00 CVE-2026-42283: DevSpace UI WebSocket Exposes Developer Endpointsvulnerability, cve, high-severity, cwe-200, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-40893/ Shimi's Cyber World en 2026-05-14T19:16:20+03:00 CVE-2026-40893: Gotenberg Allows Arbitrary File Manipulationvulnerability, cve, high-severity, arbitrary-file-access, cwe-73, cwe-184 https://shimiscyberworld.com/posts/threatsday-bulletin-pan-os-rce-mythos-curl-bug-ai-tokeniz-9p27f/ Shimi's Cyber World en 2026-05-14T19:07:46+03:00 PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks Highlight Week's Exploitsthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/18-year-old-nginx-vulnerability-allows-dos-potential-rce-pxead/ Shimi's Cyber World en 2026-05-14T18:43:41+03:00 NGINX Vulnerability: 18-Year-Old Flaw Allows DoS, Potential RCEthreat-intel, data-breach, malware, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-44482/ Shimi's Cyber World en 2026-05-14T18:16:48+03:00 CVE-2026-44482: SoundCloud Client RCE via Malicious Track Metadatavulnerability, cve, critical, high-severity, cwe-20, cwe-79, cwe-94, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44375/ Shimi's Cyber World en 2026-05-14T18:16:48+03:00 Nerdbank.MessagePack Stack Overflow Vulnerability (CVE-2026-44375) Patchedvulnerability, cve, high-severity, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-44374/ Shimi's Cyber World en 2026-05-14T18:16:48+03:00 CVE-2026-44374 — Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42559/ Shimi's Cyber World en 2026-05-14T18:16:46+03:00 CVE-2026-42559: RMCP Rust SDK Vulnerable to DNS Rebindingvulnerability, cve, high-severity, cwe-346, cwe-350 https://shimiscyberworld.com/posts/nvd-CVE-2026-42457/ Shimi's Cyber World en 2026-05-14T18:16:46+03:00 vCluster Platform Critical XSS (CVE-2026-42457) Bypasses Admin Restrictionsvulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41937/ Shimi's Cyber World en 2026-05-14T18:16:46+03:00 CVE-2026-41937: Vvveb Unrestricted File Upload Enables RCE for Adminsvulnerability, cve, high-severity, cwe-61, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-41935/ Shimi's Cyber World en 2026-05-14T18:16:46+03:00 Vvveb Prior to 1.0.8.3 Vulnerable to DoS via Uncontrolled Recursionvulnerability, cve, high-severity, denial-of-service, cwe-209, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-41933/ Shimi's Cyber World en 2026-05-14T18:16:45+03:00 CVE-2026-41933 — Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-548 https://shimiscyberworld.com/posts/nvd-CVE-2026-41932/ Shimi's Cyber World en 2026-05-14T18:16:45+03:00 CVE-2026-41932 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6637/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 CVE-2026-6637: PostgreSQL 'refint' Module Allows RCE, SQLivulnerability, cve, high-severity, sql-injection, cwe-89, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-6575/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 CVE-2026-6575 — Buffer over-read in PostgreSQL functionvulnerability, cve, medium-severity, cwe-126 https://shimiscyberworld.com/posts/nvd-CVE-2026-6479/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 PostgreSQL Denial-of-Service Vulnerability: CVE-2026-6479 Impacts Older Versionsvulnerability, cve, high-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-6478/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 CVE-2026-6478 — Scram-Sha-256 Passwords, The Default In All Supported Releas Vulnerabilityvulnerability, cve, medium-severity, cwe-385 https://shimiscyberworld.com/posts/nvd-CVE-2026-6477/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 CVE-2026-6477: PostgreSQL libpq Vulnerability Allows Superuser Client Stack Overwritevulnerability, cve, high-severity, cwe-242 https://shimiscyberworld.com/posts/nvd-CVE-2026-6476/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 PostgreSQL CVE-2026-6476: SQL Injection Grants Superuser Accessvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6475/ Shimi's Cyber World en 2026-05-14T17:16:25+03:00 CVE-2026-6475: PostgreSQL Symlink Vulnerability Allows Superuser Hijackvulnerability, cve, high-severity, cwe-61 https://shimiscyberworld.com/posts/nvd-CVE-2026-6474/ Shimi's Cyber World en 2026-05-14T17:16:24+03:00 CVE-2026-6474 — Externally-controlled format string in PostgreSQLvulnerability, cve, medium-severity, cwe-134 https://shimiscyberworld.com/posts/nvd-CVE-2026-6473/ Shimi's Cyber World en 2026-05-14T17:16:24+03:00 PostgreSQL Vulnerability CVE-2026-6473 Allows Remote Code Executionvulnerability, cve, high-severity, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-6472/ Shimi's Cyber World en 2026-05-14T17:16:24+03:00 CVE-2026-6472 — Missing authorization in PostgreSQL CREATE TYPE allows anvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2025-15025/ Shimi's Cyber World en 2026-05-14T17:16:15+03:00 CVE-2025-15025: Yordam Library System Authorization Bypass Vulnerabilityvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/ghostwriter-targets-ukrainian-government-with-geofenced-pdf-5vqzd/ Shimi's Cyber World en 2026-05-14T17:00:37+03:00 Ghostwriter Targets Ukrainian Government with Geofenced PDF Phishingthreat-intel, vulnerability, phishing https://shimiscyberworld.com/posts/nvd-CVE-2026-6008/ Shimi's Cyber World en 2026-05-14T16:16:21+03:00 CVE-2026-6008 — Im Park Information Technology, Electronics, Press, Publishi Vulnerabilityvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-4031/ Shimi's Cyber World en 2026-05-14T16:16:20+03:00 Database Backup for WordPress Plugin Vulnerable to Auth Bypassvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-4030/ Shimi's Cyber World en 2026-05-14T16:16:20+03:00 CVE-2026-4030: WordPress Plugin Exposes Multisite Files to Unauthenticated Attackersvulnerability, cve, high-severity, arbitrary-file-access, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-4029/ Shimi's Cyber World en 2026-05-14T16:16:20+03:00 CVE-2026-4029: WordPress Multisite Plugin Exposes Databasevulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-43644/ Shimi's Cyber World en 2026-05-14T16:16:18+03:00 CVE-2026-43644 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2025-12008/ Shimi's Cyber World en 2026-05-14T16:16:16+03:00 CVE-2025-12008: Yaay Social Media App Authorization Bypass Exposes User Datavulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/mythos-proves-potent-in-vulnerability-discovery-less-convin-yv0gg/ Shimi's Cyber World en 2026-05-14T16:00:00+03:00 Mythos Tool Excels at Code Audits, Falls Short on Exploit Validation, Benchmarking Showsthreat-intel, vulnerability https://shimiscyberworld.com/posts/how-ai-hallucinations-are-creating-real-security-risks-yly1v/ Shimi's Cyber World en 2026-05-14T14:30:00+03:00 AI Hallucinations Pose Critical Infrastructure Security Riskthreat-intel, vulnerability, ai-security, the-hacker-news https://shimiscyberworld.com/posts/nvd-CVE-2026-2347/ Shimi's Cyber World en 2026-05-14T13:16:19+03:00 CVE-2026-2347: Critical Authorization Bypass in Akilli E-Commerce Websitevulnerability, cve, critical, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2025-11024/ Shimi's Cyber World en 2026-05-14T13:16:17+03:00 CVE-2025-11024: Akilli E-Commerce Blind SQLi Critical Vulnerabilityvulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/windows-zero-days-expose-bitlocker-bypasses-and-ctfmon-privi-uqpat/ Shimi's Cyber World en 2026-05-14T12:25:50+03:00 Windows Zero-Days Expose BitLocker Bypass, CTFMON Privilege Escalationthreat-intel, vulnerability, microsoft, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-6514/ Shimi's Cyber World en 2026-05-14T12:16:28+03:00 WordPress InfusedWoo Pro Plugin Vulnerable to Arbitrary File Read (CVE-2026-6514)vulnerability, cve, high-severity, arbitrary-file-access, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-6512/ Shimi's Cyber World en 2026-05-14T12:16:27+03:00 CVE-2026-6512: Critical Authorization Bypass in InfusedWoo Pro WordPress Pluginvulnerability, cve, critical, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-6504/ Shimi's Cyber World en 2026-05-14T12:16:27+03:00 CVE-2026-6504 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6206/ Shimi's Cyber World en 2026-05-14T12:16:27+03:00 CVE-2026-6206 — The MW WP Form plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-6174/ Shimi's Cyber World en 2026-05-14T12:16:27+03:00 CVE-2026-6174 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6145/ Shimi's Cyber World en 2026-05-14T12:16:26+03:00 CVE-2026-6145 — The User Registration & Membership plugin for WordPress isvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/high-severity-vulnerability-patched-in-vmware-fusion-ifs4o/ Shimi's Cyber World en 2026-05-14T11:42:25+03:00 VMware Fusion High-Severity Vulnerability Patchedthreat-intel, vulnerability https://shimiscyberworld.com/posts/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges-jfar5/ Shimi's Cyber World en 2026-05-14T10:34:19+03:00 Fragnesia Linux Flaw (CVE-2026-46300) Grants Root Privilegesthreat-intel, data-breach, malware, vulnerability, bleepingcomputer https://shimiscyberworld.com/posts/researcher-drops-yellowkey-greenplasma-windows-zero-days-zgj79/ Shimi's Cyber World en 2026-05-14T10:27:42+03:00 Windows YellowKey & GreenPlasma Zero-Days Releasedthreat-intel, vulnerability, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-6670/ Shimi's Cyber World en 2026-05-14T10:16:21+03:00 CVE-2026-6670 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-6510/ Shimi's Cyber World en 2026-05-14T10:16:21+03:00 CVE-2026-6510: Critical Privilege Escalation in InfusedWoo Pro WordPress Pluginvulnerability, cve, critical, high-severity, privilege-escalation, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-6506/ Shimi's Cyber World en 2026-05-14T10:16:20+03:00 InfusedWoo Pro Plugin Privilege Escalation (CVE-2026-6506)vulnerability, cve, high-severity, privilege-escalation, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-6271/ Shimi's Cyber World en 2026-05-14T10:16:20+03:00 CVE-2026-6271: WordPress Career Section Plugin RCE via File Uploadvulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-6252/ Shimi's Cyber World en 2026-05-14T10:16:20+03:00 CVE-2026-6252 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6225/ Shimi's Cyber World en 2026-05-14T10:16:20+03:00 CVE-2026-6225 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-5395/ Shimi's Cyber World en 2026-05-14T10:16:20+03:00 WordPress Fluent Forms IDOR Exposes Sensitive Data, Bypasses Access Controlsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-5365/ Shimi's Cyber World en 2026-05-14T10:16:20+03:00 CVE-2026-5365 — The LatePoint plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-5193/ Shimi's Cyber World en 2026-05-14T10:16:19+03:00 CVE-2026-5193 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-3892/ Shimi's Cyber World en 2026-05-14T10:16:19+03:00 WordPress Motors Plugin: Authenticated File Deletion Vulnerability (CVE-2026-3892)vulnerability, cve, high-severity, arbitrary-file-access, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-3718/ Shimi's Cyber World en 2026-05-14T10:16:19+03:00 ManageWP Worker Plugin Vulnerable to Unauthenticated XSS (CVE-2026-3718)vulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-3694/ Shimi's Cyber World en 2026-05-14T10:16:18+03:00 CVE-2026-3694 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-8280/ Shimi's Cyber World en 2026-05-14T09:16:26+03:00 CVE-2026-8280 — GitLab CE/EE Affecting All Versions From 8.3 Before 18.9.7, Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-8181/ Shimi's Cyber World en 2026-05-14T09:16:25+03:00 CVE-2026-8181: WordPress Burst Statistics Plugin Critical Auth Bypassvulnerability, cve, critical, high-severity, privilege-escalation, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-7481/ Shimi's Cyber World en 2026-05-14T09:16:25+03:00 GitLab CVE-2026-7481: Developer XSS Vulnerability Patchedvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-7377/ Shimi's Cyber World en 2026-05-14T09:16:25+03:00 GitLab EE XSS (CVE-2026-7377) Allows JavaScript Execution in Dashboardsvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6073/ Shimi's Cyber World en 2026-05-14T09:16:24+03:00 GitLab XSS Vulnerability (CVE-2026-6073) Puts User Sessions at Riskvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5396/ Shimi's Cyber World en 2026-05-14T09:16:24+03:00 Fluent Forms CVE-2026-5396: Authorization Bypass Threatens WordPress Submissionsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-5243/ Shimi's Cyber World en 2026-05-14T09:16:23+03:00 CVE-2026-5243 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-4527/ Shimi's Cyber World en 2026-05-14T09:16:23+03:00 CVE-2026-4527 — GitLab CE/EE Affecting All Versions From 11.10 Before 18.9.7 Vulnerabilityvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-4524/ Shimi's Cyber World en 2026-05-14T09:16:23+03:00 CVE-2026-4524 — GitLab CE/EE Affecting All Versions From 18.9.1 Before 18.9. Vulnerabilityvulnerability, cve, medium-severity, cwe-288 https://shimiscyberworld.com/posts/nvd-CVE-2026-1659/ Shimi's Cyber World en 2026-05-14T09:16:21+03:00 GitLab CVE-2026-1659: Unauthenticated DoS Risk Patchedvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-1322/ Shimi's Cyber World en 2026-05-14T09:16:21+03:00 CVE-2026-1322 — GitLab CE/EE Affecting All Versions From 16.0 Before 18.9.7, Vulnerabilityvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-1184/ Shimi's Cyber World en 2026-05-14T09:16:21+03:00 CVE-2026-1184 — GitLab EE Affecting All Versions From 11.9 Before 18.9.7, 18 Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2025-15345/ Shimi's Cyber World en 2026-05-14T09:16:21+03:00 CVE-2025-15345 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-80 https://shimiscyberworld.com/posts/nvd-CVE-2025-14870/ Shimi's Cyber World en 2026-05-14T09:16:20+03:00 GitLab CVE-2025-14870: Unauthenticated DoS Risk in CE/EEvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2025-14869/ Shimi's Cyber World en 2026-05-14T09:16:20+03:00 GitLab DoS Vulnerability (CVE-2025-14869) Impacts Unauthenticated Usersvulnerability, cve, high-severity, denial-of-service, cwe-1284 https://shimiscyberworld.com/posts/telegram-1427288221-8925/ Shimi's Cyber World en 2026-05-14T09:01:49+03:00 File Converter Sites: A Growing Vector for Data Theft and Malwareisrael https://shimiscyberworld.com/posts/18-year-old-nginx-rewrite-module-flaw-enables-unauthenticate-mglgg/ Shimi's Cyber World en 2026-05-14T09:00:09+03:00 NGINX Rewrite Module Flaw (CVE-2026-42945) Enables Unauthenticated RCEthreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-7648/ Shimi's Cyber World en 2026-05-14T08:16:46+03:00 CVE-2026-7648 — The LearnPress – WordPress LMS Plugin for Create and Sellvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-7525/ Shimi's Cyber World en 2026-05-14T08:16:45+03:00 CVE-2026-7525 — The My Calendar – Accessible Event Manager plugin forvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-5361/ Shimi's Cyber World en 2026-05-14T08:16:44+03:00 CVE-2026-5361 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/telegram-1707304340-2317/ Shimi's Cyber World en 2026-05-14T07:47:57+03:00 Dream Market Admin 'Speedstepper' Arrested for Crypto and Gold Launderingisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-5486/ Shimi's Cyber World en 2026-05-14T07:17:03+03:00 CVE-2026-5486 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-46446/ Shimi's Cyber World en 2026-05-14T07:17:03+03:00 CVE-2026-46446: SOGo SQL Injection Exposes Cleartext Passwordsvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-46445/ Shimi's Cyber World en 2026-05-14T07:17:03+03:00 CVE-2026-46445: High-Severity SQL Injection Impacts SOGo with PostgreSQLvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/telegram-1542954397-4585/ Shimi's Cyber World en 2026-05-14T07:04:38+03:00 Debian Bolsters Supply Chain Security with Reproducible Builds Mandatetools https://shimiscyberworld.com/posts/abrigo-711-099-breached-accounts-9ug3b/ Shimi's Cyber World en 2026-05-14T06:37:50+03:00 Abrigo Data Breach: ShinyHunters Extortion Exposes 700K Contactsdata-breach https://shimiscyberworld.com/posts/nvd-CVE-2026-46419/ Shimi's Cyber World en 2026-05-14T05:17:21+03:00 Yubico webauthn-server-core Vulnerability Leads to Impersonationvulnerability, cve, high-severity, cwe-253 https://shimiscyberworld.com/posts/nvd-CVE-2026-44919/ Shimi's Cyber World en 2026-05-14T05:17:21+03:00 CVE-2026-44919 — In OpenStack Ironic through 35.x before a3f6d73, duringvulnerability, cve, medium-severity, cwe-696 https://shimiscyberworld.com/posts/nvd-CVE-2026-41281/ Shimi's Cyber World en 2026-05-14T03:16:35+03:00 CVE-2026-41281 — Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-319 https://shimiscyberworld.com/posts/nvd-CVE-2026-32991/ Shimi's Cyber World en 2026-05-14T02:16:43+03:00 CVE-2026-32991: Team Member Privilege Escalation to Owner Accountvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-29206/ Shimi's Cyber World en 2026-05-14T02:16:42+03:00 CVE-2026-29206: SQL Injection in sqloptimizer via Slow Query Logsvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45158/ Shimi's Cyber World en 2026-05-14T01:16:46+03:00 OPNsense RCE: Critical Flaw Allows Root Access via DHCP Inputvulnerability, cve, critical, high-severity, remote-code-execution, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-44478/ Shimi's Cyber World en 2026-05-14T01:16:46+03:00 Hoppscotch CVE-2026-44478: Unauthenticated Infrastructure Secret Leakvulnerability, cve, high-severity, cwe-284, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-44471/ Shimi's Cyber World en 2026-05-14T01:16:46+03:00 CVE-2026-44471: gitoxide Symlink Vulnerability Exposes Filesystem to Attackvulnerability, cve, high-severity, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-44447/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 ERPNext SQL Injection (CVE-2026-44447) Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-44446/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 CVE-2026-44446: ERPNext SQL Injection Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-44442/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 ERPNext Critical Authorization Bypass (CVE-2026-44442)vulnerability, cve, critical, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44440/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 CVE-2026-44440 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-44426/ Shimi's Cyber World en 2026-05-14T01:16:44+03:00 CVE-2026-44426 — ShellHub is a centralized SSH gateway. Prior to 0.24.2, GETvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44424/ Shimi's Cyber World en 2026-05-14T01:16:44+03:00 CVE-2026-44424 — ShellHub is a centralized SSH gateway. Prior to 0.24.2, GETvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44423/ Shimi's Cyber World en 2026-05-14T01:16:44+03:00 CVE-2026-44423 — ShellHub is a centralized SSH gateway. Prior to 0.24.2, GETvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44194/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 OPNsense RCE: Critical Flaw Allows Root Access Via Malformed Email Addressvulnerability, cve, critical, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-44193/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 OPNsense RCE Vulnerability (CVE-2026-44193) Exposes Firewallsvulnerability, cve, critical, high-severity, remote-code-execution, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-32993/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 CVE-2026-32993: Unauthenticated HTTP Header Injection Vulnerabilityvulnerability, cve, high-severity, cwe-93 https://shimiscyberworld.com/posts/nvd-CVE-2026-32992/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 CVE-2026-32992: DNS Cluster SSL Verification Disabled, High-Severity MiTM Riskvulnerability, cve, high-severity, cwe-295 https://shimiscyberworld.com/posts/nvd-CVE-2026-29205/ Shimi's Cyber World en 2026-05-14T01:16:42+03:00 CVE-2026-29205: Arbitrary File Read via cpdavd Endpointsvulnerability, cve, high-severity, arbitrary-file-access, cwe-250 https://shimiscyberworld.com/posts/iranian-hackers-targeted-major-south-korean-electronics-make-wxxy8/ Shimi's Cyber World en 2026-05-14T00:59:33+03:00 MuddyWater Targets South Korean Electronics Giant in Espionage Campaignthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-45714/ Shimi's Cyber World en 2026-05-14T00:16:50+03:00 CubeCart CVE-2026-45714: Authenticated RCE Via Template Injectionvulnerability, cve, critical, high-severity, cwe-94, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-45708/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CubeCart RCE (CVE-2026-45708) Allows Unauthenticated Remote Code Executionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-45229/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 Quark Drive Mass Assignment Flaw Grants Admin Takeovervulnerability, cve, high-severity, cwe-915 https://shimiscyberworld.com/posts/nvd-CVE-2026-45228/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CVE-2026-45228 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-45055/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CVE-2026-45055: CubeCart Password Reset Flaw Leads to Account Takeovervulnerability, cve, high-severity, cwe-20, cwe-345, cwe-601, cwe-784 https://shimiscyberworld.com/posts/nvd-CVE-2026-45054/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CVE-2026-45054 — CubeCart is an ecommerce software solution. Prior to 6.7.0,vulnerability, cve, medium-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45053/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CubeCart RCE: Critical Flaw Exposes E-commerce Stores to Webshellsvulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-44377/ Shimi's Cyber World en 2026-05-14T00:16:48+03:00 CVE-2026-44377: Critical RCE in CubeCart eCommerce Platformvulnerability, cve, critical, high-severity, remote-code-execution, cwe-94, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-44376/ Shimi's Cyber World en 2026-05-14T00:16:48+03:00 CVE-2026-44376 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-44373/ Shimi's Cyber World en 2026-05-14T00:16:48+03:00 CVE-2026-44373 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-42602/ Shimi's Cyber World en 2026-05-14T00:16:47+03:00 CVE-2026-42602: Azure Authenticator Extension Authentication Bypassvulnerability, cve, high-severity, authentication-bypass, cwe-208, cwe-287, cwe-290, cwe-294, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-42561/ Shimi's Cyber World en 2026-05-14T00:16:47+03:00 CVE-2026-42561: Python-Multipart DoS Vulnerability Patchedvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-42304/ Shimi's Cyber World en 2026-05-14T00:16:46+03:00 CVE-2026-42304: Twisted DNS DoS Freezes Servers with Chained Pointersvulnerability, cve, high-severity, denial-of-service, cwe-400, cwe-407 https://shimiscyberworld.com/posts/nvd-CVE-2026-39358/ Shimi's Cyber World en 2026-05-14T00:16:46+03:00 CubeCart SQLi Vulnerability (CVE-2026-39358) Exposes E-commerce Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-21821/ Shimi's Cyber World en 2026-05-14T00:16:41+03:00 HCL BigFix SCM Reporting Site Vulnerable to XSS via Outdated jQueryvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-1104 https://shimiscyberworld.com/posts/nvd-CVE-2026-44351/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 CVE-2026-44351: Critical fast-jwt Auth Bypass via Empty Keyvulnerability, cve, critical, high-severity, cwe-287, cwe-326, cwe-1391 https://shimiscyberworld.com/posts/nvd-CVE-2026-42552/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 CVE-2026-42552: Flight PHP Framework Leaks Critical Server Infovulnerability, cve, high-severity, path-traversal, cwe-209 https://shimiscyberworld.com/posts/nvd-CVE-2026-42551/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 Flight PHP Framework CVE-2026-42551: CSRF & Cache Poisoning Riskvulnerability, cve, high-severity, cwe-436 https://shimiscyberworld.com/posts/nvd-CVE-2026-42550/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 CVE-2026-42550: Flight PHP Framework SQL Injection Vulnerabilityvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-42549/ Shimi's Cyber World en 2026-05-13T23:16:21+03:00 CVE-2026-42549 — Flight is an extensible micro-framework for PHP. Prior tovulnerability, cve, medium-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-33381/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33381 — When a user's access to mint tokens for a service accountvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-33380/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33380 — SQL Expressions Arbitrary File Accessvulnerability, cve, medium-severity, arbitrary-file-access https://shimiscyberworld.com/posts/nvd-CVE-2026-33378/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33378 — Using the $__timeGroup macro, one can achieve an OOM byvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-33377/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33377: Dashboard Privilege Escalation Vulnerabilityvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-33376/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33376: IPv6 Auth Proxy Bypass Riskvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-28383/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-28383 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service https://shimiscyberworld.com/posts/nvd-CVE-2026-28380/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-28380 — Any Editor could delete any snapshot, even if they have novulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-28379/ Shimi's Cyber World en 2026-05-13T23:16:19+03:00 CVE-2026-28379 — Race Conditionvulnerability, cve, medium-severity, race-condition https://shimiscyberworld.com/posts/nvd-CVE-2026-28376/ Shimi's Cyber World en 2026-05-13T23:16:19+03:00 CVE-2026-28376 — The Grafana Live push endpoint can be exploited to causevulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-28374/ Shimi's Cyber World en 2026-05-13T23:16:19+03:00 CVE-2026-28374 — Editors could delete any annotation, even those they do notvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-13T23:00:00+03:00 Daily Security Digest — 2026-05-13daily-digest, vulnerability, cve, critical, high-severity, cwe-328, cwe-648, remote-code-execution, cwe-502, cwe-88 https://shimiscyberworld.com/posts/alleged-dream-market-admin-arrested-in-germany-after-us-indi-6dx3x/ Shimi's Cyber World en 2026-05-13T22:54:00+03:00 Dream Market Admin Arrested in Germany After US Indictmentthreat-intel, data-breach, government