https://shimiscyberworld.com/posts/cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day-47f0x/ Shimi's Cyber World en 2026-04-29T13:29:31+03:00 CISA Mandates Urgent Patching for Windows Zero-Day Exploited in Attacksthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/critical-cpanel-authentication-vulnerability-identified-up-10tps/ Shimi's Cyber World en 2026-04-29T12:37:00+03:00 Critical cPanel Authentication Flaw Exposes Serversthreat-intel, vulnerability, identity, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-4019/ Shimi's Cyber World en 2026-04-29T12:16:25+03:00 CVE-2026-4019 — The Complianz – GDPR/CCPA Cookie Consent plugin forvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42412/ Shimi's Cyber World en 2026-04-29T12:16:24+03:00 CVE-2026-42412 — WeDevs WP User Frontend Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2025-10503/ Shimi's Cyber World en 2026-04-29T12:16:23+03:00 CVE-2025-10503 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42377/ Shimi's Cyber World en 2026-04-29T11:16:18+03:00 SureForms Pro Vulnerability CVE-2026-42377 Exposes Access Control Flawsvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/telegram-1427288221-8849/ Shimi's Cyber World en 2026-04-29T10:02:16+03:00 Cyber News - Erez Dasa: Unattributed Foreign Login Triggered Investigationisrael, cybersafe https://shimiscyberworld.com/posts/telegram-1427288221-8847/ Shimi's Cyber World en 2026-04-29T09:02:28+03:00 Vect Ransomware: Bug Turns Encryption into Irreversible Data Wiperisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-35155/ Shimi's Cyber World en 2026-04-29T08:16:04+03:00 Dell iDRAC10 Vulnerability: Low-Privilege Race Condition Grants High Accessvulnerability, cve, high-severity, race-condition, cwe-522 https://shimiscyberworld.com/posts/nvd-CVE-2026-42615/ Shimi's Cyber World en 2026-04-29T07:16:41+03:00 GCHQ CyberChef XSS Vulnerability (CVE-2026-42615) Identifiedvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-23773/ Shimi's Cyber World en 2026-04-29T07:16:40+03:00 CVE-2026-23773 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42167/ Shimi's Cyber World en 2026-04-29T02:16:20+03:00 CVE-2026-42167: ProFTPD mod_sql RCE Via Log Expansionvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7319/ Shimi's Cyber World en 2026-04-29T01:16:52+03:00 CVE-2026-7319: Path Traversal in elinsky execution-system-mcp Poses Remote Riskvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7318/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7318 — Elie Mcp-Project Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7317/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7317 — Grav CMS Insecure Deserializationvulnerability, cve, medium-severity, insecure-deserialization, cwe-20, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-7316/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7316: Aider-mcp Command Injection Exposes AI Dev Workflowsvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7315/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7314/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Publicly Exploitedvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7306/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7306 — Xuxueli Xxl-Job Vulnerabilityvulnerability, cve, medium-severity, cwe-320, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2026-7305/ Shimi's Cyber World en 2026-04-29T01:16:50+03:00 CVE-2026-7305 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41649/ Shimi's Cyber World en 2026-04-29T01:16:49+03:00 Outline Insecure Direct Object Reference (CVE-2026-41649) Exposes Documentsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-33467/ Shimi's Cyber World en 2026-04-29T01:16:48+03:00 CVE-2026-33467 — Improper Verification of Cryptographic Signature (CWE-347)vulnerability, cve, medium-severity, cwe-347 https://shimiscyberworld.com/posts/spy-agency-officials-say-job-loss-anxiety-moving-fast-safe-x3o7u/ Shimi's Cyber World en 2026-04-29T00:43:20+03:00 NGA Grapples with AI Workforce Overhaul and Job Anxietythreat-intel, policy, government, microsoft, tools https://shimiscyberworld.com/posts/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw-kdccf/ Shimi's Cyber World en 2026-04-29T00:07:23+03:00 LiteLLM Pre-Auth SQLi Actively Exploited: CVE-2026-42208threat-intel, data-breach, malware, vulnerability, ai-security https://shimiscyberworld.com/posts/nsa-chief-during-snowden-affair-shares-regrets-reflections-pagdy/ Shimi's Cyber World en 2026-04-28T23:38:59+03:00 NSA Chief Reflects on Snowden Leaks: Lessons for CISOsthreat-intel, tools https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-28T23:00:00+03:00 Daily Security Digest — 2026-04-28daily-digest, vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-42431/ Shimi's Cyber World en 2026-04-28T22:37:47+03:00 CVE-2026-42431: OpenClaw Vulnerability Allows Persistent Browser Profile Mutationvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42426/ Shimi's Cyber World en 2026-04-28T22:37:46+03:00 OpenClaw CVE-2026-42426: Improper Authorization Allows Node Pairing Bypassvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42422/ Shimi's Cyber World en 2026-04-28T22:37:45+03:00 OpenClaw CVE-2026-42422: Role Bypass Allows Unapproved Token Mintingvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41914/ Shimi's Cyber World en 2026-04-28T22:37:45+03:00 OpenClaw QQ Bot SSRF Vulnerability Bypasses Protections (CVE-2026-41914)vulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41404/ Shimi's Cyber World en 2026-04-28T22:37:43+03:00 OpenClaw Privilege Escalation via Incomplete Scope Clearing (CVE-2026-41404)vulnerability, cve, high-severity, privilege-escalation, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41394/ Shimi's Cyber World en 2026-04-28T22:37:42+03:00 OpenClaw CVE-2026-41394: Authentication Bypass Grants Operator Write Scopesvulnerability, cve, high-severity, authentication-bypass, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41387/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 OpenClaw Incomplete Host Environment Sanitization Allows Package Overridesvulnerability, cve, high-severity, cwe-183 https://shimiscyberworld.com/posts/nvd-CVE-2026-41386/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 OpenClaw Privilege Escalation: Critical Flaw in Device Pairingvulnerability, cve, critical, high-severity, privilege-escalation, cwe-648 https://shimiscyberworld.com/posts/nvd-CVE-2026-41384/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 OpenClaw CLI Vulnerability Allows Code Execution via Environment Variable Injectionvulnerability, cve, high-severity, code-execution, cwe-15 https://shimiscyberworld.com/posts/nvd-CVE-2026-41383/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 CVE-2026-41383: OpenClaw Arbitrary Directory Deletion Flaw Exposes Remote Datavulnerability, cve, high-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41378/ Shimi's Cyber World en 2026-04-28T22:37:40+03:00 OpenClaw Privilege Escalation (CVE-2026-41378) Allows RCE via Paired Nodesvulnerability, cve, high-severity, remote-code-execution, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-3893/ Shimi's Cyber World en 2026-04-28T22:37:39+03:00 CVE-2026-3893: Carlson VASCO-B GNSS Receiver Lacks Authenticationvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-24222/ Shimi's Cyber World en 2026-04-28T22:36:45+03:00 NVIDIA NeMoClaw Vulnerability Exposes Host Environment Variablesvulnerability, cve, high-severity, information-disclosure, cwe-497 https://shimiscyberworld.com/posts/nvd-CVE-2026-24186/ Shimi's Cyber World en 2026-04-28T22:36:45+03:00 NVIDIA FLARE SDK Vulnerability: Untrusted Deserialization Leads to RCEvulnerability, cve, high-severity, code-execution, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-24178/ Shimi's Cyber World en 2026-04-28T22:36:45+03:00 NVIDIA NVFlare Dashboard: Critical Auth Bypass Puts Systems at Riskvulnerability, cve, critical, high-severity, code-execution, cwe-639 https://shimiscyberworld.com/posts/vidar-rises-to-top-of-chaotic-infostealer-market-emmj1/ Shimi's Cyber World en 2026-04-28T22:07:16+03:00 Vidar Infostealer Dominates Post-Takedown Market Vacuumthreat-intel, tools, malware https://shimiscyberworld.com/posts/telegram-1542954397-4548/ Shimi's Cyber World en 2026-04-28T21:03:18+03:00 XChat Lacks True E2E, Metadata Exposure Persists https://shimiscyberworld.com/posts/telegram-1427288221-8844/ Shimi's Cyber World en 2026-04-28T20:53:48+03:00 GitHub RCE Vulnerability Exposes Millions of Repositoriesisrael https://shimiscyberworld.com/posts/telegram-1427288221-8843/ Shimi's Cyber World en 2026-04-28T20:42:07+03:00 Ynet, Population Authority Project Pulled Over Data Exposure Flawisrael https://shimiscyberworld.com/posts/brazilian-lofygang-resurfaces-after-three-years-with-minecra-g3nbk/ Shimi's Cyber World en 2026-04-28T20:39:00+03:00 LofyGang Resurfaces, Targets Minecraft Players with LofyStealer Malwarethreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/cyber-command-nsa-chief-warns-foreign-adversaries-likely-to-2x8o0/ Shimi's Cyber World en 2026-04-28T20:26:00+03:00 Cyber Command Warns Foreign Adversaries Targeting Midterm Electionsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/video-site-vimeo-blames-security-incident-on-anodot-breach-jrutw/ Shimi's Cyber World en 2026-04-28T19:21:00+03:00 Vimeo Blames Anodot Breach for User Data Theft by ShinyHuntersthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2025-60887/ Shimi's Cyber World en 2026-04-28T19:16:05+03:00 CVE-2025-60887 — Cista Insecure Deserializationvulnerability, cve, medium-severity, insecure-deserialization https://shimiscyberworld.com/posts/nvd-CVE-2026-7321/ Shimi's Cyber World en 2026-04-28T18:16:37+03:00 Firefox ESR Sandbox Escape: Critical CVE-2026-7321 Demands Immediate Attentionvulnerability, cve, critical, high-severity, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7289/ Shimi's Cyber World en 2026-04-28T18:16:37+03:00 D-Link DIR-825M Buffer Overflow (CVE-2026-7289) Exposes Routersvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7288/ Shimi's Cyber World en 2026-04-28T18:16:37+03:00 D-Link DIR-825M Buffer Overflow (CVE-2026-7288) Publicly Disclosedvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7283/ Shimi's Cyber World en 2026-04-28T18:16:36+03:00 CVE-2026-7283 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7282/ Shimi's Cyber World en 2026-04-28T18:16:36+03:00 CVE-2026-7282 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-40968/ Shimi's Cyber World en 2026-04-28T18:16:30+03:00 CVE-2026-40968 — When an authenticated user is denied access to a gRPCvulnerability, cve, medium-severity, cwe-653 https://shimiscyberworld.com/posts/nvd-CVE-2026-27760/ Shimi's Cyber World en 2026-04-28T18:16:26+03:00 OpenCATS Installer Vulnerability Allows Unauthenticated PHP Code Injectionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/ukrainian-police-detain-hackers-suspected-of-stealing-thousa-qj6eq/ Shimi's Cyber World en 2026-04-28T17:57:00+03:00 Ukraine Police Arrest Hackers Targeting Thousands of Roblox Accountsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7272/ Shimi's Cyber World en 2026-04-28T17:16:14+03:00 CVE-2026-7272: WilliamCloudQi matlab-mcp-server Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-5944/ Shimi's Cyber World en 2026-04-28T17:16:13+03:00 CVE-2026-5944: Cisco Intersight Connector Exposes Nutanix Prism Central APIvulnerability, cve, high-severity, improper-access-control, cwe-306, cwe-862 https://shimiscyberworld.com/posts/vect-2-0-ransomware-irreversibly-destroys-files-over-131kb-o-v382i/ Shimi's Cyber World en 2026-04-28T17:01:00+03:00 VECT 2.0 Ransomware: Wiper-Like Flaw Irreversibly Destroys Filesthreat-intel, vulnerability, malware, ransomware, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-7309/ Shimi's Cyber World en 2026-04-28T16:19:24+03:00 CVE-2026-7309 — The OpenShift Container Platform Build System Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-426 https://shimiscyberworld.com/posts/nvd-CVE-2026-7271/ Shimi's Cyber World en 2026-04-28T16:19:24+03:00 CVE-2026-7271 — DV0x Creative-Ad-Agent Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7268/ Shimi's Cyber World en 2026-04-28T15:16:02+03:00 CVE-2026-7268 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7267/ Shimi's Cyber World en 2026-04-28T15:16:02+03:00 CVE-2026-7267 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7266/ Shimi's Cyber World en 2026-04-28T15:16:02+03:00 CVE-2026-7266 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/cisa-kev-CVE-2024-1708/ Shimi's Cyber World en 2026-04-28T15:00:00+03:00 CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/why-secure-data-movement-is-the-zero-trust-bottleneck-nobody-rls1b/ Shimi's Cyber World en 2026-04-28T14:58:00+03:00 Secure Data Movement is Zero Trust's Unseen Bottleneckthreat-intel, vulnerability https://shimiscyberworld.com/posts/telegram-1427288221-8842/ Shimi's Cyber World en 2026-04-28T14:56:31+03:00 AI Agents Claude, Cursor, Codex Weaponize Text Filesisrael https://shimiscyberworld.com/posts/critical-unpatched-flaw-leaves-hugging-face-lerobot-open-to-84lys/ Shimi's Cyber World en 2026-04-28T14:18:00+03:00 Hugging Face LeRobot RCE: Unauthenticated Deserialization Flawthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/after-mythos-new-playbooks-for-a-zero-window-era-tyb2q/ Shimi's Cyber World en 2026-04-28T13:30:00+03:00 AI Accelerates Exploit Windows, Demanding Faster Defensethreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-7280/ Shimi's Cyber World en 2026-04-28T13:16:04+03:00 CVE-2026-7280 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-428 https://shimiscyberworld.com/posts/nvd-CVE-2026-7279/ Shimi's Cyber World en 2026-04-28T13:16:04+03:00 AVACAST DLL Hijacking (CVE-2026-7279) Allows System Code Executionvulnerability, cve, high-severity, code-execution, cwe-427 https://shimiscyberworld.com/posts/nvd-CVE-2026-7264/ Shimi's Cyber World en 2026-04-28T13:16:03+03:00 CVE-2026-7264 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7248/ Shimi's Cyber World en 2026-04-28T12:16:18+03:00 D-Link DI-8100 Critical Buffer Overflow Vulnerability (CVE-2026-7248)vulnerability, cve, critical, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7247/ Shimi's Cyber World en 2026-04-28T12:16:18+03:00 D-Link DI-8100 Buffer Overflow: CVE-2026-7247 Exposes Remote Exploitation Riskvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7244/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 CVE-2026-7244: Critical Command Injection Flaw in Totolink Routervulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7243/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 Totolink RCE: CVE-2026-7243 Exposes Routers to Critical Command Injectionvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7242/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 CVE-2026-7242: Critical Command Injection in Totolink A8000RUvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7241/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7241)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-40980/ Shimi's Cyber World en 2026-04-28T12:16:16+03:00 CVE-2026-40980 — In Spring AI, a malicious PDF file can be crafted thatvulnerability, cve, medium-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-40979/ Shimi's Cyber World en 2026-04-28T12:16:16+03:00 CVE-2026-40979 — In Spring AI, having access to a shared environment canvulnerability, cve, medium-severity, cwe-377 https://shimiscyberworld.com/posts/nvd-CVE-2026-40978/ Shimi's Cyber World en 2026-04-28T12:16:16+03:00 Spring AI CosmosDBVectorStore Vulnerable to SQL Injection (CVE-2026-40978)vulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/telegram-1427288221-8841/ Shimi's Cyber World en 2026-04-28T12:15:54+03:00 Robinhood Registration Form Abused for Official-Looking Phishingisrael https://shimiscyberworld.com/posts/microsoft-asks-iphone-users-to-reauthenticate-after-outlook-1skep/ Shimi's Cyber World en 2026-04-28T11:37:12+03:00 Microsoft Outlook Outage Forces iPhone Users to Re-Authenticatethreat-intel, data-breach, malware, microsoft, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-7240/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7240)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7238/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 CVE-2026-7238 — Code-Projects Online Music Site Unrestricted File Uploadvulnerability, cve, medium-severity, unrestricted-file-upload, cwe-284, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-7237/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 CVE-2026-7237: AgiFlow Path Traversal Puts Files at Riskvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7235/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 CVE-2026-7235 — ErlichLiu Claude-Agent-Sdk-Master Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-4911/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-4911 — The Booking Package plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-472 https://shimiscyberworld.com/posts/nvd-CVE-2026-4805/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-4805 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41526/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-41526 — In KDE KCoreAddons before 6.25, KShell::quoteArgs isvulnerability, cve, medium-severity, cwe-150 https://shimiscyberworld.com/posts/nvd-CVE-2026-41525/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-41525 — KDE Dolphin before 25.12.3 allows applications in a Flatpakvulnerability, cve, medium-severity, cwe-669 https://shimiscyberworld.com/posts/nvd-CVE-2026-40966/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-40966 — In Spring AI, an attacker can bypass conversation isolationvulnerability, cve, medium-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-7234/ Shimi's Cyber World en 2026-04-28T10:16:04+03:00 CVE-2026-7234: Path Traversal Flaw in BrowserOperator Core Exposes Usersvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7230/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 CVE-2026-7230 — SourceCodester Safety Anger Pad Vulnerabilityvulnerability, cve, medium-severity, cwe-79, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7229/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 CVE-2026-7229 — Code-Projects Coaching Management System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-40967/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 Spring AI Vulnerability (CVE-2026-40967) Allows Query Alterationvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-40356/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 CVE-2026-40356 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-191 https://shimiscyberworld.com/posts/telegram-1707304340-2297/ Shimi's Cyber World en 2026-04-28T09:59:34+03:00 Google Reports 32% Surge in Prompt Injection Attacksisrael, ai-security https://shimiscyberworld.com/posts/microsoft-patches-entra-id-role-flaw-that-enabled-service-pr-5lakt/ Shimi's Cyber World en 2026-04-28T09:37:00+03:00 Microsoft Entra ID Agent Role Flaw Enabled Service Principal Takeoverthreat-intel, vulnerability, microsoft, identity, ai-security https://shimiscyberworld.com/posts/medtronic-hack-confirmed-after-shinyhunters-threatens-data-l-gtyoc/ Shimi's Cyber World en 2026-04-28T09:35:19+03:00 Medtronic Confirms Breach After ShinyHunters Data Leak Threatthreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/nvd-CVE-2026-7228/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7228: SourceCodester Pizzafy SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7227/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7227: SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7226/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7226: SQL Injection in SourceCodester Pizzafy Ecommerce Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7225/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7225: SourceCodester Pizzafy SQL Injection Vulnerabilityvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7224/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-7224: SQL Injection in SourceCodester Pizzafy Ecommerce Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6809/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-6809 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6725/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-6725 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6551/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-6551 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42510/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-42510 — OpenStack Ironic through 25.0.0 allows ipmitool executionvulnerability, cve, medium-severity, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-40355/ Shimi's Cyber World en 2026-04-28T09:16:03+03:00 CVE-2026-40355 — Null Pointer Dereferencevulnerability, cve, medium-severity, null-pointer-dereference, cwe-476 https://shimiscyberworld.com/posts/microsoft-confirms-active-exploitation-of-windows-shell-cve-14h3k/ Shimi's Cyber World en 2026-04-28T08:50:00+03:00 Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202threat-intel, vulnerability, microsoft https://shimiscyberworld.com/posts/telegram-1427288221-8839/ Shimi's Cyber World en 2026-04-28T08:02:10+03:00 ShinyHunters Claims Vimeo Breach, Citing Anodot Compromiseisrael https://shimiscyberworld.com/posts/telegram-1427288221-8838/ Shimi's Cyber World en 2026-04-28T07:55:28+03:00 RansomHouse Claims CyberSecurity Vendor with Billions in Revenueisrael, ransomware https://shimiscyberworld.com/posts/telegram-1707304340-2296/ Shimi's Cyber World en 2026-04-28T07:41:31+03:00 HAFNIUM Hacker Extradited to US for Microsoft Exchange Attacks, COVID-19 Espionageisrael, microsoft, threat-intel https://shimiscyberworld.com/posts/nvd-CVE-2026-7223/ Shimi's Cyber World en 2026-04-28T07:16:29+03:00 CVE-2026-7223: BigSweetPotatoStudio HyperChat SSRF Vulnerabilityvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7221/ Shimi's Cyber World en 2026-04-28T07:16:26+03:00 TencentCloudBase CloudBase-MCP SSRF Vulnerability (CVE-2026-7221)vulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7220/ Shimi's Cyber World en 2026-04-28T07:16:26+03:00 CVE-2026-7220: FastlyMCP Command Injection Exposes Infrastructurevulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7219/ Shimi's Cyber World en 2026-04-28T07:16:23+03:00 Totolink N300RT: High-Severity Buffer Overflow Vulnerability (CVE-2026-7219)vulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7218/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 CVE-2026-7218: Totolink N300RT Buffer Overflow Exploited Remotelyvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7217/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 CVE-2026-7217 — Deepractice PromptX Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22, cwe-36 https://shimiscyberworld.com/posts/nvd-CVE-2026-7216/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 CVE-2026-7216: donchelo processing-claude-mcp-bridge Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7215/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 egtai gmx-vmd-mcp Vulnerability: Remote Command Injection (CVE-2026-7215)vulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-1460/ Shimi's Cyber World en 2026-04-28T06:16:02+03:00 CVE-2026-1460: Zyxel Routers Vulnerable to Admin Command Injectionvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-0711/ Shimi's Cyber World en 2026-04-28T06:16:02+03:00 CVE-2026-0711 — The EasyMesh-Related APIs Of Zyxel DX3300-T0 Firmware Versio Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7214/ Shimi's Cyber World en 2026-04-28T05:16:08+03:00 CVE-2026-7214: eghuzefa engineer-your-data Path Traversal Vulnerability (High Severity)vulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7213/ Shimi's Cyber World en 2026-04-28T05:16:08+03:00 ef10007 MLOps_MCP Path Traversal (CVE-2026-7213) Publicly Exploitablevulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7212/ Shimi's Cyber World en 2026-04-28T05:16:08+03:00 CVE-2026-7212: edvardlindelof notes-mcp Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7211/ Shimi's Cyber World en 2026-04-28T04:16:02+03:00 CVE-2026-7211: dvladimirov MCP Command Injection Vulnerabilityvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7206/ Shimi's Cyber World en 2026-04-28T04:16:02+03:00 CVE-2026-7206: sqlite-mcp SQL Injection Vulnerability Exposedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7205/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 CVE-2026-7205: High-Severity Path Traversal in duartium papers-mcp-servervulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7204/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 Totolink A8000RU Critical Command Injection (CVE-2026-7204)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7203/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7203)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7202/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7202)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-32649/ Shimi's Cyber World en 2026-04-28T04:16:00+03:00 CVE-2026-32649 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-32644/ Shimi's Cyber World en 2026-04-28T04:16:00+03:00 Milesight AIOT Cameras Critical Vulnerability: Default SSL Keys Exposedvulnerability, cve, critical, high-severity, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2026-20766/ Shimi's Cyber World en 2026-04-28T04:16:00+03:00 Milesight AIOT Cameras Vulnerable to Out-of-Bounds Memory Access (CVE-2026-20766)vulnerability, cve, high-severity, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-7199/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 CVE-2026-7199: SQL Injection in Pharmacy Sales and Inventory Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7196/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 CVE-2026-7196 — CodeAstro Online Classroom SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-41372/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 CVE-2026-41372 — OpenClaw before 2026.4.2 fails to normalize trailing-dotvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-41371/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 OpenClaw Privilege Escalation (CVE-2026-41371) Allows Session Resetvulnerability, cve, high-severity, privilege-escalation, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41370/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 CVE-2026-41370 — ACP Dispatch That Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41369/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 CVE-2026-41369 — OpenClaw before 2026.3.31 contains insufficient environmentvulnerability, cve, medium-severity, cwe-668 https://shimiscyberworld.com/posts/nvd-CVE-2026-41368/ Shimi's Cyber World en 2026-04-28T03:16:26+03:00 CVE-2026-41368 — OpenClaw before 2026.3.28 contains an environment variablevulnerability, cve, medium-severity, cwe-668 https://shimiscyberworld.com/posts/nvd-CVE-2026-41366/ Shimi's Cyber World en 2026-04-28T03:16:25+03:00 CVE-2026-41366 — AppendLocalMediaParentRoots That Vulnerabilityvulnerability, cve, medium-severity, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-41365/ Shimi's Cyber World en 2026-04-28T03:16:25+03:00 CVE-2026-41365 — OpenClaw before 2026.3.31 contains a sender allowlistvulnerability, cve, medium-severity, cwe-441 https://shimiscyberworld.com/posts/nvd-CVE-2026-41364/ Shimi's Cyber World en 2026-04-28T03:16:25+03:00 CVE-2026-41364: OpenClaw Symlink Vulnerability Allows Arbitrary File Writevulnerability, cve, high-severity, arbitrary-file-access, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-41363/ Shimi's Cyber World en 2026-04-28T03:16:25+03:00 CVE-2026-41363 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-40976/ Shimi's Cyber World en 2026-04-28T03:16:24+03:00 CVE-2026-40976: Spring Boot Default Security Bypass Exposes Endpointsvulnerability, cve, critical, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40973/ Shimi's Cyber World en 2026-04-28T03:16:24+03:00 Spring Boot CVE-2026-40973: Local Attacker Can Hijack Sessions, Execute Codevulnerability, cve, high-severity, cwe-377 https://shimiscyberworld.com/posts/nvd-CVE-2026-40972/ Shimi's Cyber World en 2026-04-28T03:16:24+03:00 CVE-2026-40972: Spring Boot DevTools Timing Attack Exposes Secrets, RCE Riskvulnerability, cve, high-severity, remote-code-execution, cwe-208 https://shimiscyberworld.com/posts/nvd-CVE-2026-27785/ Shimi's Cyber World en 2026-04-28T03:16:23+03:00 CVE-2026-27785: Milesight AIOT Cameras Exposed by Hardcoded Credentialsvulnerability, cve, high-severity, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-7194/ Shimi's Cyber World en 2026-04-28T02:16:04+03:00 CVE-2026-7194: SourceCodester Pharmacy System SQL Injection Publicly Exploitablevulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7183/ Shimi's Cyber World en 2026-04-28T02:16:03+03:00 CVE-2026-7183 — Aligungr UERANSIM Vulnerabilityvulnerability, cve, medium-severity, cwe-248 https://shimiscyberworld.com/posts/nvd-CVE-2026-7179/ Shimi's Cyber World en 2026-04-28T02:16:03+03:00 CVE-2026-7179 — OSPG Binwalk Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-40971/ Shimi's Cyber World en 2026-04-28T02:16:03+03:00 CVE-2026-40971 — When configured to use an SSL bundle, Spring Boot'svulnerability, cve, medium-severity, cwe-295 https://shimiscyberworld.com/posts/nvd-CVE-2026-28747/ Shimi's Cyber World en 2026-04-28T02:16:02+03:00 Milesight AIOT Cameras Vulnerable to Authorization Bypass via Weak Key Generationvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/pitney-bowes-8-243-989-breached-accounts-qgk8g/ Shimi's Cyber World en 2026-04-28T01:52:07+03:00 Pitney Bowes Data Breach: ShinyHunters Leaks 8.2M Recordsdata-breach, threat-intel, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-7178/ Shimi's Cyber World en 2026-04-28T01:16:19+03:00 CVE-2026-7178: ChatGPTNextWeb NextChat SSRF Vulnerabilityvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7177/ Shimi's Cyber World en 2026-04-28T01:16:18+03:00 ChatGPTNextWeb NextChat SSRF Vulnerability (CVE-2026-7177) Exposedvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7160/ Shimi's Cyber World en 2026-04-28T01:16:18+03:00 Tenda HG3 Router Command Injection (CVE-2026-7160) Exposes Networksvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7159/ Shimi's Cyber World en 2026-04-28T01:16:18+03:00 CVE-2026-7159: douinc mkdocs-mcp-plugin Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7191/ Shimi's Cyber World en 2026-04-28T00:16:44+03:00 CVE-2026-7191: qnabot-on-aws Admin RCE via Prototype Manipulationvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7158/ Shimi's Cyber World en 2026-04-28T00:16:44+03:00 CVE-2026-7158: dmitryglhf mcp-url-downloader SSRF Vulnerabilityvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7157/ Shimi's Cyber World en 2026-04-28T00:16:44+03:00 CVE-2026-7157: Aider-MCP-Server Command Injection Vulnerabilityvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7156/ Shimi's Cyber World en 2026-04-28T00:16:44+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7156)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7155/ Shimi's Cyber World en 2026-04-28T00:16:43+03:00 Totolink A8000RU Faces Critical Remote Command Injection (CVE-2026-7155)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7154/ Shimi's Cyber World en 2026-04-28T00:16:43+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7154)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/supreme-court-signals-location-data-searches-should-require-5x48f/ Shimi's Cyber World en 2026-04-27T23:52:00+03:00 Supreme Court Signals Warrant Needed for Location Data Searchesthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7153/ Shimi's Cyber World en 2026-04-27T23:16:29+03:00 CVE-2026-7153: Critical OS Command Injection in Totolink A8000RU Routersvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7152/ Shimi's Cyber World en 2026-04-27T23:16:29+03:00 Totolink A8000RU Critical Command Injection (CVE-2026-7152)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7151/ Shimi's Cyber World en 2026-04-27T23:16:28+03:00 Tenda HG3 2.0 Router Vulnerability: Remote Stack Buffer Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-6741/ Shimi's Cyber World en 2026-04-27T23:16:28+03:00 CVE-2026-6741: WordPress LatePoint Plugin Privilege Escalationvulnerability, cve, high-severity, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/tennessee-becomes-second-state-to-ban-cryptocurrency-atms-ov-rb07a/ Shimi's Cyber World en 2026-04-27T23:06:00+03:00 Tennessee Bans Crypto ATMs Over Surging Scam Concernsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-27T23:00:00+03:00 Daily Security Digest — 2026-04-27daily-digest, pypi, github, dyepack https://shimiscyberworld.com/posts/telegram-1427288221-8837/ Shimi's Cyber World en 2026-04-27T22:32:41+03:00 elementary-data Python Library Compromised with Infostealerisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-7150/ Shimi's Cyber World en 2026-04-27T22:17:00+03:00 CVE-2026-7150 — Dh1011 Auto-Favicon Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7149/ Shimi's Cyber World en 2026-04-27T22:16:54+03:00 CVE-2026-7149: Dexhunter Kaggle-MCP Path Traversal Vulnerability Disclosedvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7148/ Shimi's Cyber World en 2026-04-27T22:16:53+03:00 CVE-2026-7148 — CodeAstro Online Classroom SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7147/ Shimi's Cyber World en 2026-04-27T22:16:53+03:00 CVE-2026-7147: JoeCastrom mcp-chat-studio SSRF Vulnerability Publicly Exploitablevulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-40970/ Shimi's Cyber World en 2026-04-27T22:16:52+03:00 CVE-2026-40970 — When configured to use an SSL bundle, Spring Boot'svulnerability, cve, medium-severity, cwe-295 https://shimiscyberworld.com/posts/nvd-CVE-2026-32655/ Shimi's Cyber World en 2026-04-27T22:16:47+03:00 CVE-2026-32655 — Dell Alienware Command Center (AWCC), versions prior tovulnerability, cve, medium-severity, cwe-272 https://shimiscyberworld.com/posts/money-launderer-for-crypto-thieves-given-5-year-sentence-vcujg/ Shimi's Cyber World en 2026-04-27T21:45:00+03:00 Crypto Launderer Sentenced Five Years for $260M Theftthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7146/ Shimi's Cyber World en 2026-04-27T21:16:56+03:00 CVE-2026-7146: AlejandroArciniegas mcp-data-vis Vulnerable to SSRFvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7145/ Shimi's Cyber World en 2026-04-27T21:16:56+03:00 CVE-2026-7145 — A weakness has been identified in mettle sendportal up tovulnerability, cve, medium-severity, cwe-285, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-7144/ Shimi's Cyber World en 2026-04-27T21:16:56+03:00 CVE-2026-7144 — 1000 Projects Portfolio Management System MCA Vulnerabilityvulnerability, cve, medium-severity, cwe-285, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-7143/ Shimi's Cyber World en 2026-04-27T21:16:56+03:00 CVE-2026-7143 — 1000 Projects Portfolio Management System MCA SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-25908/ Shimi's Cyber World en 2026-04-27T21:16:53+03:00 CVE-2026-25908 — The AWCC. A Low Privileged Attacker With Local Access Vulnerabilityvulnerability, cve, medium-severity, cwe-250 https://shimiscyberworld.com/posts/nvd-CVE-2025-69689/ Shimi's Cyber World en 2026-04-27T21:16:53+03:00 Fan Control App V251 Privilege Escalation (CVE-2025-69689)vulnerability, cve, high-severity, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-7142/ Shimi's Cyber World en 2026-04-27T20:16:45+03:00 CVE-2026-7142 — A vulnerability was determined in Wooey up to 0.13.2. Thevulnerability, cve, medium-severity, cwe-266, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-7141/ Shimi's Cyber World en 2026-04-27T20:16:45+03:00 CVE-2026-7141 — Vllm Vulnerabilityvulnerability, cve, medium-severity, cwe-908 https://shimiscyberworld.com/posts/nvd-CVE-2026-7140/ Shimi's Cyber World en 2026-04-27T20:16:45+03:00 CVE-2026-7140: Critical OS Command Injection in Totolink A8000RU Routersvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7139/ Shimi's Cyber World en 2026-04-27T20:16:45+03:00 Totolink A8000RU Critical Command Injection (CVE-2026-7139)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7138/ Shimi's Cyber World en 2026-04-27T19:16:47+03:00 CVE-2026-7138: Critical Command Injection in Totolink Routersvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7137/ Shimi's Cyber World en 2026-04-27T19:16:47+03:00 Totolink Router RCE: CVE-2026-7137 Exposes Home and Small Business Networksvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7136/ Shimi's Cyber World en 2026-04-27T19:16:46+03:00 Totolink A8000RU Critical Command Injection Flaw (CVE-2026-7136)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7135/ Shimi's Cyber World en 2026-04-27T19:16:46+03:00 CVE-2026-7135 — GPAC Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-119, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-7134/ Shimi's Cyber World en 2026-04-27T19:16:46+03:00 CVE-2026-7134 — Code-Projects Online Lot Reservation System Unrestricted File Uploadvulnerability, cve, medium-severity, unrestricted-file-upload, cwe-284, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-41467/ Shimi's Cyber World en 2026-04-27T19:16:46+03:00 CVE-2026-41467 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41466/ Shimi's Cyber World en 2026-04-27T19:16:45+03:00 CVE-2026-41466 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41465/ Shimi's Cyber World en 2026-04-27T19:16:45+03:00 CVE-2026-41465 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41464/ Shimi's Cyber World en 2026-04-27T19:16:45+03:00 CVE-2026-41464 — The ObjectDetail.Php Endpoint That Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41463/ Shimi's Cyber World en 2026-04-27T19:16:45+03:00 ProjeQtor ZipSlip Flaw: Authenticated RCE via Plugin Uploadvulnerability, cve, high-severity, remote-code-execution, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41462/ Shimi's Cyber World en 2026-04-27T19:16:45+03:00 ProjeQtor Critical SQL Injection Flaw Exposes Sensitive Datavulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-30352/ Shimi's Cyber World en 2026-04-27T19:16:43+03:00 CVE-2026-30352: Critical RCE in leonvanzyl autocoder /devserver/start Endpointvulnerability, cve, critical, high-severity, remote-code-execution, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-30351/ Shimi's Cyber World en 2026-04-27T19:16:43+03:00 CVE-2026-30351: Path Traversal Hits leonvanzyl autocodervulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/telegram-1427288221-8836/ Shimi's Cyber World en 2026-04-27T18:34:36+03:00 ClickUp API Key Exposed for Over a Year, Exposing Customer Dataisrael https://shimiscyberworld.com/posts/unpatched-phantomrpc-flaw-in-windows-enables-privilege-esc-rvcnc/ Shimi's Cyber World en 2026-04-27T18:31:41+03:00 Windows 'PhantomRPC' Flaw Enables Privilege Escalationthreat-intel, tools, vulnerability, microsoft https://shimiscyberworld.com/posts/disinformation-campaign-targeted-tibetan-parliament-in-exile-trxv7/ Shimi's Cyber World en 2026-04-27T18:28:00+03:00 Spamouflage Disinformation Campaign Targets Tibetan Parliament-in-Exilethreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7133/ Shimi's Cyber World en 2026-04-27T18:16:21+03:00 CVE-2026-7133 — Unrestricted File Uploadvulnerability, cve, medium-severity, unrestricted-file-upload, cwe-284, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-7132/ Shimi's Cyber World en 2026-04-27T18:16:21+03:00 CVE-2026-7132 — Code-Projects Online Lot Reservation System Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7131/ Shimi's Cyber World en 2026-04-27T18:16:21+03:00 CVE-2026-7131: SQL Injection in Online Lot Reservation System Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-40514/ Shimi's Cyber World en 2026-04-27T18:16:20+03:00 CVE-2026-40514 — SmarterTools SmarterMail builds prior to 9610 contain avulnerability, cve, medium-severity, cwe-338 https://shimiscyberworld.com/posts/italy-extradites-alleged-chinese-state-hacker-to-us-n4g4n/ Shimi's Cyber World en 2026-04-27T18:15:00+03:00 Italy Extradites Alleged Chinese State Hacker for COVID-19 Vaccine Theftthreat-intel, data-breach, government https://shimiscyberworld.com/posts/webinar-spotting-cyberattacks-before-they-begin-ky4yv/ Shimi's Cyber World en 2026-04-27T17:25:35+03:00 BleepingComputer Webinar: Proactive Threat Detection for Security Teamsthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/checkmarx-confirms-github-repository-data-posted-on-dark-web-9h1h2/ Shimi's Cyber World en 2026-04-27T17:19:00+03:00 Checkmarx GitHub Data Leaked Post Supply Chain Attackthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-7130/ Shimi's Cyber World en 2026-04-27T17:16:57+03:00 CVE-2026-7130: Critical SQL Injection Flaw in Pharmacy Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7129/ Shimi's Cyber World en 2026-04-27T17:16:56+03:00 CVE-2026-7129 — SourceCodester Pharmacy Sales And Inventory System Vulnerabilityvulnerability, cve, medium-severity, cwe-79, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7128/ Shimi's Cyber World en 2026-04-27T17:16:56+03:00 CVE-2026-7128: SQL Injection in SourceCodester Pharmacy Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7127/ Shimi's Cyber World en 2026-04-27T17:16:56+03:00 CVE-2026-7127: SQL Injection in Pharmacy System Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7126/ Shimi's Cyber World en 2026-04-27T17:16:56+03:00 CVE-2026-7126: SQL Injection in Pharmacy Sales and Inventory Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/medtronic-confirms-breach-after-hackers-claim-9-million-reco-ya379/ Shimi's Cyber World en 2026-04-27T16:50:42+03:00 Medtronic Confirms Data Breach After Hackers Claim 9 Million Records Stolenthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/weekly-recap-fast16-malware-xchat-launch-federal-backdo-xhjm2/ Shimi's Cyber World en 2026-04-27T16:30:00+03:00 Weekly Recap: Fast16 Malware, Supply Chain Attacks, and Federal Backdoorsthreat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/hackers-impersonate-microsoft-teams-help-desk-to-breach-corp-j5ovv/ Shimi's Cyber World en 2026-04-27T16:30:00+03:00 Microsoft Teams Impersonation Leads to Corporate Network Breachesthreat-intel, data-breach, government, malware, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-7125/ Shimi's Cyber World en 2026-04-27T16:16:05+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7125)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7124/ Shimi's Cyber World en 2026-04-27T16:16:04+03:00 CVE-2026-7124: Critical OS Command Injection in Totolink A8000RU Routersvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7123/ Shimi's Cyber World en 2026-04-27T16:16:04+03:00 CVE-2026-7123: Critical Command Injection in Totolink Routers Exposes Networksvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/incomplete-windows-patch-opens-door-to-zero-click-attacks-s0ojb/ Shimi's Cyber World en 2026-04-27T16:09:27+03:00 Microsoft Windows Patch Incomplete, APT28 Exploits Zero-Click Vulnerabilitythreat-intel, vulnerability, microsoft https://shimiscyberworld.com/posts/telegram-1707304340-2295/ Shimi's Cyber World en 2026-04-27T16:06:58+03:00 US ICE Deploys Israeli Graphite Zero-Click Spyware Against Fentanyl Traffickersisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-7122/ Shimi's Cyber World en 2026-04-27T15:16:26+03:00 Totolink A8000RU Critical Command Injection (CVE-2026-7122)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7121/ Shimi's Cyber World en 2026-04-27T15:16:25+03:00 Totolink A8000RU Critical Command Injection (CVE-2026-7121) Exposedvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7119/ Shimi's Cyber World en 2026-04-27T15:16:25+03:00 Tenda HG3 Router OS Command Injection (CVE-2026-7119)vulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7118/ Shimi's Cyber World en 2026-04-27T15:16:25+03:00 CVE-2026-7118 — Code-Projects Employee Management System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7117/ Shimi's Cyber World en 2026-04-27T15:16:25+03:00 CVE-2026-7117 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7116/ Shimi's Cyber World en 2026-04-27T15:16:25+03:00 CVE-2026-7116 — Code-Projects Employee Management System Vulnerabilityvulnerability, cve, medium-severity, cwe-79, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-5943/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5943: High-Severity Memory Corruption Vulnerability Uncoveredvulnerability, cve, high-severity, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-5942/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5942 — Flaws in page lifecycle management allow document structurevulnerability, cve, medium-severity, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-5941/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5941: Parsing Flaws Lead to Memory Corruptionvulnerability, cve, high-severity, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-5940/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5940: UI Refresh Flaw Triggers Program Crashesvulnerability, cve, high-severity, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-5939/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5939 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-5938/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5938 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-691 https://shimiscyberworld.com/posts/nvd-CVE-2026-5937/ Shimi's Cyber World en 2026-04-27T15:16:24+03:00 CVE-2026-5937 — Insufficient parameter verification leads to the occurrencevulnerability, cve, medium-severity, cwe-248 https://shimiscyberworld.com/posts/nvd-CVE-2026-42410/ Shimi's Cyber World en 2026-04-27T15:16:23+03:00 CVE-2026-42410 — CodexThemes TheGem Theme Elements (For Elementor) Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/telegram-1427288221-8835/ Shimi's Cyber World en 2026-04-27T15:04:59+03:00 Mozilla Firefox Fixes 271 Vulnerabilities Using AI Modelisrael https://shimiscyberworld.com/posts/mythos-changed-the-math-on-vulnerability-discovery-most-tea-7jy3i/ Shimi's Cyber World en 2026-04-27T14:58:00+03:00 Anthropic Claude Mythos: AI-Driven Vulnerability Discovery Changes Remediation Maththreat-intel, vulnerability https://shimiscyberworld.com/posts/phantomcore-exploits-trueconf-vulnerabilities-to-breach-russ-evfgj/ Shimi's Cyber World en 2026-04-27T14:54:00+03:00 PhantomCore Exploits TrueConf Vulnerabilities in Russian Networksthreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/telegram-1427288221-8834/ Shimi's Cyber World en 2026-04-27T14:31:58+03:00 Medtronic Reports Internal System Access by Unauthorized Partiesisrael https://shimiscyberworld.com/posts/researchers-uncover-73-fake-vs-code-extensions-delivering-gl-2oz21/ Shimi's Cyber World en 2026-04-27T14:23:00+03:00 73 Malicious VS Code Extensions Push GlassWorm v2 Malwarethreat-intel, vulnerability, malware, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-7115/ Shimi's Cyber World en 2026-04-27T14:16:02+03:00 CVE-2026-7115 — Code-Projects Employee Management System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7114/ Shimi's Cyber World en 2026-04-27T14:16:02+03:00 CVE-2026-7114 — An Unknown Part Of The File 370project/Edit.Php SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7113/ Shimi's Cyber World en 2026-04-27T14:16:02+03:00 CVE-2026-7113 — NousResearch Hermes-Agent Vulnerabilityvulnerability, cve, medium-severity, cwe-287, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-22337/ Shimi's Cyber World en 2026-04-27T14:16:01+03:00 Directorist Social Login Flaw CVE-2026-22337 Exposes Critical Privilege Escalationvulnerability, cve, critical, high-severity, privilege-escalation, cwe-266 https://shimiscyberworld.com/posts/nvd-CVE-2026-22336/ Shimi's Cyber World en 2026-04-27T14:16:00+03:00 Directorist Booking SQL Injection Flaw Exposes Critical Datavulnerability, cve, critical, high-severity, sql-injection, cwe-89