https://shimiscyberworld.com/posts/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-n-iu4sj/ Shimi's Cyber World en 2026-05-12T14:29:36+03:00 Shai Hulud Malware Compromises TanStack, Mistral npm Packages in Supply Chain Attackthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-45218/ Shimi's Cyber World en 2026-05-12T14:16:21+03:00 CVE-2026-45218: WP Travel Blind SQL Injection Puts User Data at Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45215/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 CVE-2026-45215 — Saad Iqbal WP EasyPay Wp-Easy-Pay Vulnerabilityvulnerability, cve, medium-severity, cwe-201 https://shimiscyberworld.com/posts/nvd-CVE-2026-45214/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 Xpro Elementor Addons SQL Injection (CVE-2026-45214) Poses High Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45213/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 BEAR Woo-Bulk-Editor SQLi Puts WooCommerce Stores at Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45212/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 CVE-2026-45212 — Gabe Livan Asset CleanUp: Page Speed Booster Wp-Asset-Clean- Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-45211/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 APIExperts Square for WooCommerce SQLi (CVE-2026-45211) Exposes E-commerce Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45210/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 CVE-2026-45210 — Broadstreet Broadstreet Ads Broadstreet Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42742/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 Aman Views for WPForms Vulnerability Allows Blind SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-42741/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 Ninja Forms Views Blind SQL Injection (CVE-2026-42741) — High Severityvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-41713/ Shimi's Cyber World en 2026-05-12T14:16:19+03:00 CVE-2026-41713: High-Severity AI Model Manipulation Vulnerabilityvulnerability, cve, high-severity, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-41712/ Shimi's Cyber World en 2026-05-12T14:16:19+03:00 Spring AI Chat Memory Vulnerability Exposes User Datavulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-2465/ Shimi's Cyber World en 2026-05-12T14:16:19+03:00 Turboard FOR-S Privilege Escalation via Incorrect Authorization (CVE-2026-2465)vulnerability, cve, high-severity, privilege-escalation, cwe-863 https://shimiscyberworld.com/posts/sap-fixes-critical-vulnerabilities-in-commerce-cloud-and-s-4-p44lq/ Shimi's Cyber World en 2026-05-12T14:04:55+03:00 SAP Patches Critical Flaws in Commerce Cloud and S/4HANAthreat-intel, data-breach, malware, cloud, tools https://shimiscyberworld.com/posts/why-agentic-ai-is-security-s-next-blind-spot-5dlko/ Shimi's Cyber World en 2026-05-12T13:30:00+03:00 Agentic AI: Security's Next Blind Spot Already in Productionthreat-intel, vulnerability, the-hacker-news https://shimiscyberworld.com/posts/nvd-CVE-2026-6001/ Shimi's Cyber World en 2026-05-12T13:16:48+03:00 CVE-2026-6001: ABIS BAPSİS Authorization Bypass Exposes Trusted Identifiersvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44412/ Shimi's Cyber World en 2026-05-12T13:16:46+03:00 Solid Edge SE2026 Vulnerability Allows Code Execution via PAR Filesvulnerability, cve, high-severity, stack-based-buffer-overflow, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-44411/ Shimi's Cyber World en 2026-05-12T13:16:46+03:00 Solid Edge SE2026 Vulnerability Allows Code Execution via PAR Filesvulnerability, cve, high-severity, cwe-824 https://shimiscyberworld.com/posts/nvd-CVE-2026-41551/ Shimi's Cyber World en 2026-05-12T13:16:46+03:00 CVE-2026-41551: Critical Path Traversal in ROS# Exposes Arbitrary Filesvulnerability, cve, critical, high-severity, path-traversal, cwe-23 https://shimiscyberworld.com/posts/nvd-CVE-2026-33893/ Shimi's Cyber World en 2026-05-12T13:16:45+03:00 CVE-2026-33893: Siemens Teamcenter Hardcoded Key Exposes Unauthorized Accessvulnerability, cve, high-severity, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-27662/ Shimi's Cyber World en 2026-05-12T13:16:45+03:00 CVE-2026-27662: Control Panel Exposes Web Browser, High Severityvulnerability, cve, high-severity, cwe-1188 https://shimiscyberworld.com/posts/nvd-CVE-2026-25787/ Shimi's Cyber World en 2026-05-12T13:16:44+03:00 CVE-2026-25787: Critical XSS in Motion Control Diagnosticsvulnerability, cve, critical, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-25786/ Shimi's Cyber World en 2026-05-12T13:16:44+03:00 CVE-2026-25786: Critical XSS in PLC/Station Name Fieldvulnerability, cve, critical, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-22925/ Shimi's Cyber World en 2026-05-12T13:16:44+03:00 SIMATIC CN 4100 DoS Vulnerability: CVE-2026-22925 Poses High Riskvulnerability, cve, high-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-22924/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 SIMATIC CN 4100 Critical Vulnerability: Unauthenticated Resource Exhaustionvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2025-6577/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 Akilli Commerce E-Commerce Website SQLi Vulnerability (CVE-2025-6577)vulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2025-40949/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 CVE-2025-40949: Critical RUGGEDCOM ROX Command Injectionvulnerability, cve, critical, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2025-40947/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 RUGGEDCOM ROX RCE via Feature Key Installation (CVE-2025-40947)vulnerability, cve, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2025-40946/ Shimi's Cyber World en 2026-05-12T13:16:42+03:00 CVE-2025-40946: KACO new energy Inverter Credential Derivation Flawvulnerability, cve, high-severity, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2025-40833/ Shimi's Cyber World en 2026-05-12T13:16:41+03:00 CVE-2025-40833: IPv4 Null Pointer Dereference Triggers DoSvulnerability, cve, high-severity, denial-of-service, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-7661/ Shimi's Cyber World en 2026-05-12T12:16:58+03:00 CVE-2026-7661 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-7659/ Shimi's Cyber World en 2026-05-12T12:16:57+03:00 CVE-2026-7659 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6913/ Shimi's Cyber World en 2026-05-12T12:16:56+03:00 CVE-2026-6913 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6690/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 LifePress Plugin XSS: Unauthenticated Attackers Inject Malicious Scriptsvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6256/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-6256 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6247/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-6247 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6237/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-6237 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5715/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-5715 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5340/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-5340 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5028/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-5028 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-4920/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-4920 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-4859/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-4859 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-39432/ Shimi's Cyber World en 2026-05-12T12:16:40+03:00 CVE-2026-39432: Timetics Plugin Missing Authorization Exposes Access Controlsvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-2993/ Shimi's Cyber World en 2026-05-12T12:16:40+03:00 WordPress AIWU Plugin SQLi: Unauthenticated Data Extractionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-2300/ Shimi's Cyber World en 2026-05-12T12:16:39+03:00 CVE-2026-2300 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/mini-shai-hulud-worm-compromises-tanstack-mistral-ai-guard-k2810/ Shimi's Cyber World en 2026-05-12T11:50:00+03:00 Mini Shai-Hulud Worm Hits TanStack, Mistral AI, Guardrails AI Packagesthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/instructure-reaches-ransom-agreement-with-shinyhunters-to-st-xfe90/ Shimi's Cyber World en 2026-05-12T10:37:00+03:00 Instructure Reaches Ransom Agreement with ShinyHunters to Stop Canvas Leakthreat-intel, vulnerability, ransomware, data-breach, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-1681/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-1681 — Issuing an ICMP ping via the `net ping` shell command to avulnerability, cve, medium-severity, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-1185/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-1185 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-0804/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-0804 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-35 https://shimiscyberworld.com/posts/nvd-CVE-2026-0802/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-0802 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-1287 https://shimiscyberworld.com/posts/nvd-CVE-2026-0541/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-0541 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-732 https://shimiscyberworld.com/posts/cushman-wakefield-310-431-breached-accounts-ak8xd/ Shimi's Cyber World en 2026-05-12T09:58:16+03:00 Cushman & Wakefield Suffers ShinyHunters Data Extortion, 310K Accounts Breacheddata-breach, threat-intel https://shimiscyberworld.com/posts/openai-launches-daybreak-for-ai-powered-vulnerability-detect-sfxld/ Shimi's Cyber World en 2026-05-12T09:55:00+03:00 OpenAI Launches Daybreak for AI-Powered Vulnerability Detectionthreat-intel, vulnerability, ai-security https://shimiscyberworld.com/posts/nvd-CVE-2026-41872/ Shimi's Cyber World en 2026-05-12T09:16:09+03:00 CVE-2026-41872: Kura Sushi App Vulnerable to MITM via Improper Certificate Validationvulnerability, cve, high-severity, cwe-295 https://shimiscyberworld.com/posts/ios-26-5-brings-default-end-to-end-encrypted-rcs-messaging-b-69skb/ Shimi's Cyber World en 2026-05-12T08:18:00+03:00 Apple iOS 26.5 Brings End-to-End Encrypted RCS Messagingthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/telegram-1707304340-2315/ Shimi's Cyber World en 2026-05-12T08:03:16+03:00 SMS-Based Disinformation Campaign Targets Mobile Usersisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-7287/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 Zyxel NWA1100-N Firmware DoS: CVE-2026-7287 Buffer Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7257/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 CVE-2026-7257 — The Configuration File Of Zyxel WRE6505 Vulnerabilityvulnerability, cve, medium-severity, cwe-922 https://shimiscyberworld.com/posts/nvd-CVE-2026-7256/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 Zyxel WRE6505 v2: High-Severity Command Injection Vulnerabilityvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7255/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 CVE-2026-7255 — The Web Management Interface Of Zyxel WRE6505 Vulnerabilityvulnerability, cve, medium-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-45430/ Shimi's Cyber World en 2026-05-12T07:16:28+03:00 CVE-2026-45430: Backdrop CMS Salesforce Module CSRF Riskvulnerability, cve, high-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-40137/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40137 — SAP TAF_APPLAUNCHER within Business Server Pages allows anvulnerability, cve, medium-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-40136/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40136 — SAP Financial Consolidation allows an authenticatedvulnerability, cve, medium-severity, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-40135/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40135 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-40134/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40134 — Due to insufficient authorization checks in the SAPvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40133/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40133 — Due to missing authorization check in SAP S/4HANA Conditionvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40132/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40132 — Due to missing authorization check in SAP Strategicvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40129/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 CVE-2026-40129 — SAP Application Server ABAP For SAP NetWeaver And ABAP Platf Vulnerabilityvulnerability, cve, medium-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-34263/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 SAP Commerce Cloud: Critical RCE via Spring Security Misconfigurationvulnerability, cve, critical, high-severity, code-execution, cwe-459 https://shimiscyberworld.com/posts/nvd-CVE-2026-34260/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 SAP S/4HANA SQLi: Critical Flaw Exposes Data, Risks Availabilityvulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-34259/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 SAP Forecasting & Replenishment OS Command Execution (CVE-2026-34259)vulnerability, cve, high-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-34258/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 CVE-2026-34258 — SAPUI5 (Search UI) allows an unauthenticated attacker tovulnerability, cve, medium-severity, cwe-451 https://shimiscyberworld.com/posts/nvd-CVE-2026-27682/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 CVE-2026-27682 — SAP NetWeaver Application Server ABAP (Applications Based On Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-0502/ Shimi's Cyber World en 2026-05-12T06:16:10+03:00 CVE-2026-0502 — Due to insufficient CSRF protection in SAP BusinessObjectsvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-45321/ Shimi's Cyber World en 2026-05-12T04:16:46+03:00 CVE-2026-45321: TanStack npm Packages Hit by Critical Supply Chain Attackvulnerability, cve, critical, high-severity, cwe-506 https://shimiscyberworld.com/posts/nvd-CVE-2026-8349/ Shimi's Cyber World en 2026-05-12T03:17:03+03:00 CVE-2026-8349 — Omec-Project Amf Vulnerabilityvulnerability, cve, medium-severity, cwe-119 https://shimiscyberworld.com/posts/nvd-CVE-2026-8346/ Shimi's Cyber World en 2026-05-12T03:17:03+03:00 CVE-2026-8346 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-8345/ Shimi's Cyber World en 2026-05-12T02:20:22+03:00 CVE-2026-8345 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-43914/ Shimi's Cyber World en 2026-05-12T02:20:22+03:00 Vaultwarden CVE-2026-43914: Brute-Force Bypass via 2FA Emailvulnerability, cve, high-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-43913/ Shimi's Cyber World en 2026-05-12T02:20:22+03:00 Vaultwarden CVE-2026-43913: Unconfirmed Owners Can Purge Vaultsvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-43912/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 Vaultwarden CVE-2026-43912 Allows Org Data Access via Group Management Flawvulnerability, cve, high-severity, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-43911/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43911 — Vaultwarden is a Bitwarden-compatible server written invulnerability, cve, medium-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-43901/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43901 — Wireshark MCP is an MCP Server that turns tshark into avulnerability, cve, medium-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-43900/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43900: DeepChat XSS Bypass Threatens AI Implementationsvulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-43899/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43899: DeepChat RCE Via Incomplete Patch for External Protocol Executionvulnerability, cve, critical, high-severity, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-34963/ Shimi's Cyber World en 2026-05-12T02:19:47+03:00 CVE-2026-34963: barebox EFI PE Loader Memory Safety Flawsvulnerability, cve, high-severity, code-execution, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-34962/ Shimi's Cyber World en 2026-05-12T02:19:47+03:00 CVE-2026-34962 — barebox version prior to 2026.04.0 contains avulnerability, cve, medium-severity, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-8344/ Shimi's Cyber World en 2026-05-12T01:22:14+03:00 CVE-2026-8344 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-43893/ Shimi's Cyber World en 2026-05-12T01:22:14+03:00 CVE-2026-43893: ExifTool Argument Injection Threatens File Operationsvulnerability, cve, high-severity, remote-code-execution, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-43890/ Shimi's Cyber World en 2026-05-12T01:22:13+03:00 Outline CVE-2026-43890: Authorization Bypass Exposes Documentsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-43889/ Shimi's Cyber World en 2026-05-12T01:22:13+03:00 CVE-2026-43889 — Outline is a service that allows for collaborativevulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-43888/ Shimi's Cyber World en 2026-05-12T01:22:13+03:00 Outline Service Vulnerability CVE-2026-43888 Allows Directory Traversalvulnerability, cve, high-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-43887/ Shimi's Cyber World en 2026-05-12T01:22:13+03:00 Outline Collaboration Service Vulnerability Allows Client-Side Code Executionvulnerability, cve, high-severity, code-execution, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-43886/ Shimi's Cyber World en 2026-05-12T01:22:13+03:00 Outline Service Vulnerability Elevates OAuth Tokens to Full API Accessvulnerability, cve, high-severity, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-43884/ Shimi's Cyber World en 2026-05-12T01:22:13+03:00 WWBN AVideo SSRF Bypass via Redirects (CVE-2026-43884)vulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-43876/ Shimi's Cyber World en 2026-05-12T01:22:11+03:00 CVE-2026-43876 — WWBN AVideo is an open source video platform. In versionsvulnerability, cve, medium-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-43875/ Shimi's Cyber World en 2026-05-12T01:22:11+03:00 CVE-2026-43875 — WWBN AVideo is an open source video platform. In versionsvulnerability, cve, medium-severity, cwe-598 https://shimiscyberworld.com/posts/nvd-CVE-2026-43873/ Shimi's Cyber World en 2026-05-12T01:22:11+03:00 WWBN AVideo CVE-2026-43873: Shared Secret Leak Exposes Databasesvulnerability, cve, high-severity, cwe-209 https://shimiscyberworld.com/posts/nvd-CVE-2026-42564/ Shimi's Cyber World en 2026-05-12T01:22:11+03:00 jotty·page Path Traversal Vulnerability (CVE-2026-42564) Exposes Datavulnerability, cve, high-severity, path-traversal, cwe-22, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-42046/ Shimi's Cyber World en 2026-05-12T01:22:11+03:00 CVE-2026-42046: libcaca Integer Overflow Resurfaces, RCE Riskvulnerability, cve, high-severity, remote-code-execution, cwe-122, cwe-190, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34961/ Shimi's Cyber World en 2026-05-12T01:22:11+03:00 CVE-2026-34961 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-34960/ Shimi's Cyber World en 2026-05-12T01:22:10+03:00 CVE-2026-34960 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-125 https://shimiscyberworld.com/posts/official-checkmarx-jenkins-package-compromised-with-infostea-lxem8/ Shimi's Cyber World en 2026-05-12T01:03:06+03:00 Checkmarx Jenkins Plugin Compromised with Infostealerthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/new-ghostlock-tool-abuses-windows-api-to-block-file-access-qpjah/ Shimi's Cyber World en 2026-05-12T01:02:00+03:00 GhostLock Tool Abuses Windows API to Block File Accessthreat-intel, data-breach, malware, microsoft, tools https://shimiscyberworld.com/posts/inside-ad-cs-escalation-unpacking-advanced-misuse-technique-pl1qr/ Shimi's Cyber World en 2026-05-12T01:00:43+03:00 AD CS Exploitation: Misconfigurations and Shadow Credentials Under Attackthreat-intel, apt, malware, research, vulnerability, identity, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-43874/ Shimi's Cyber World en 2026-05-12T00:19:02+03:00 CVE-2026-43874: WWBN AVideo WebSocket Vulnerability Allows RCEvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41489/ Shimi's Cyber World en 2026-05-12T00:19:00+03:00 Pi-hole Privilege Escalation via Systemd Scripts (CVE-2026-41489)vulnerability, cve, high-severity, privilege-escalation, cwe-15, cwe-269, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-8321/ Shimi's Cyber World en 2026-05-11T23:25:48+03:00 CVE-2026-8321: Inkeep Agents Authentication Bypass Vulnerabilityvulnerability, cve, high-severity, authentication-bypass, cwe-287, cwe-288 https://shimiscyberworld.com/posts/nvd-CVE-2026-8320/ Shimi's Cyber World en 2026-05-11T23:25:48+03:00 CVE-2026-8320 — Jishenghua JshERP Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-8319/ Shimi's Cyber World en 2026-05-11T23:25:48+03:00 CVE-2026-8319 — A weakness has been identified in aiwaves-cn agents up tovulnerability, cve, medium-severity, cwe-400, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-45026/ Shimi's Cyber World en 2026-05-11T23:25:47+03:00 CVE-2026-45026 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-45025/ Shimi's Cyber World en 2026-05-11T23:25:46+03:00 CVE-2026-45025 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42887/ Shimi's Cyber World en 2026-05-11T23:25:45+03:00 CVE-2026-42887 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42886/ Shimi's Cyber World en 2026-05-11T23:25:45+03:00 CVE-2026-42886 — Audiobookshelf is a self-hosted audiobook and podcastvulnerability, cve, medium-severity, cwe-409 https://shimiscyberworld.com/posts/nvd-CVE-2026-42883/ Shimi's Cyber World en 2026-05-11T23:25:44+03:00 CVE-2026-42883 — Audiobookshelf is a self-hosted audiobook and podcastvulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42882/ Shimi's Cyber World en 2026-05-11T23:25:44+03:00 oxyno-zeta/s3-proxy Critical Auth Bypass (CVE-2026-42882)vulnerability, cve, critical, high-severity, path-traversal, cwe-22, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42876/ Shimi's Cyber World en 2026-05-11T23:25:44+03:00 CVE-2026-42876 — External Secrets Operator reads information from avulnerability, cve, medium-severity, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-42872/ Shimi's Cyber World en 2026-05-11T23:25:43+03:00 CVE-2026-42872 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42869/ Shimi's Cyber World en 2026-05-11T23:25:43+03:00 CVE-2026-42869: SOCFortress CoPilot Critical Auth Bypassvulnerability, cve, critical, high-severity, cwe-287, cwe-522, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-42565/ Shimi's Cyber World en 2026-05-11T23:25:42+03:00 CVE-2026-42565 — Open Redirectvulnerability, cve, medium-severity, open-redirect, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-42050/ Shimi's Cyber World en 2026-05-11T23:25:42+03:00 CVE-2026-42050 — ImageMagick is free and open-source software used forvulnerability, cve, medium-severity, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-2614/ Shimi's Cyber World en 2026-05-11T23:25:41+03:00 MLflow Arbitrary File Read Vulnerability Bypasses Path Validationvulnerability, cve, high-severity, arbitrary-file-access, cwe-22 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-11T23:00:00+03:00 Daily Security Digest — 2026-05-11daily-digest, vulnerability, cve, high-severity, improper-access-control, cwe-184, cwe-918, cwe-441, cwe-863, cwe-306 https://shimiscyberworld.com/posts/texas-sues-netflix-over-alleged-data-practices-that-create-dikbm/ Shimi's Cyber World en 2026-05-11T22:56:00+03:00 Texas Sues Netflix for Alleged Data 'Surveillance Machinery'threat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-8318/ Shimi's Cyber World en 2026-05-11T22:16:29+03:00 CVE-2026-8318 — VectifyAI PageIndex Vulnerabilityvulnerability, cve, medium-severity, cwe-404, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-45224/ Shimi's Cyber World en 2026-05-11T22:16:28+03:00 Crabbox Path Traversal (CVE-2026-45224) Enables Arbitrary File Deletionvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-45223/ Shimi's Cyber World en 2026-05-11T22:16:28+03:00 CVE-2026-45223: Crabbox Authentication Bypass Allows Admin Privilege Escalationvulnerability, cve, high-severity, authentication-bypass, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2026-45222/ Shimi's Cyber World en 2026-05-11T22:16:27+03:00 CVE-2026-45222 — Summarize versions through 0.14.1, fixed in commit 0cfb0fb,vulnerability, cve, medium-severity, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-42864/ Shimi's Cyber World en 2026-05-11T22:16:24+03:00 CVE-2026-42864: Unauthenticated RCE in FireFighter Incident Management Appvulnerability, cve, critical, high-severity, cwe-306, cwe-918 https://shimiscyberworld.com/posts/telegram-1542954397-4577/ Shimi's Cyber World en 2026-05-11T22:11:31+03:00 Trump Mobile T1 and $TRUMP Memecoin: A Brand Power Illusion https://shimiscyberworld.com/posts/nvd-CVE-2026-8305/ Shimi's Cyber World en 2026-05-11T21:16:44+03:00 OpenClaw Improper Authentication: CVE-2026-8305 Publicly Exploitablevulnerability, cve, high-severity, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-45006/ Shimi's Cyber World en 2026-05-11T21:16:40+03:00 OpenClaw Improper Access Control Bypasses Denylist, Allows Persistent Malicious Configsvulnerability, cve, high-severity, improper-access-control, cwe-184 https://shimiscyberworld.com/posts/nvd-CVE-2026-45004/ Shimi's Cyber World en 2026-05-11T21:16:40+03:00 OpenClaw RCE: Arbitrary Code Execution via Plugin Setup Resolvervulnerability, cve, high-severity, code-execution, cwe-427 https://shimiscyberworld.com/posts/nvd-CVE-2026-45001/ Shimi's Cyber World en 2026-05-11T21:16:40+03:00 OpenClaw CVE-2026-45001: Gateway Bypass Exposes Operator Settingsvulnerability, cve, high-severity, server-side-request-forgery, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44995/ Shimi's Cyber World en 2026-05-11T21:16:39+03:00 OpenClaw CVE-2026-44995: Arbitrary Code Execution via Environment Variable Flawvulnerability, cve, high-severity, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-44413/ Shimi's Cyber World en 2026-05-11T21:16:38+03:00 JetBrains TeamCity CVE-2026-44413: Authenticated Exposure of Server APIvulnerability, cve, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-43640/ Shimi's Cyber World en 2026-05-11T21:16:37+03:00 Bitwarden Server CVE-2026-43640: SCIM API Key Exposed Without Re-Authvulnerability, cve, high-severity, cwe-303 https://shimiscyberworld.com/posts/nvd-CVE-2026-43639/ Shimi's Cyber World en 2026-05-11T21:16:36+03:00 Bitwarden Server CVE-2026-43639 Allows Organization Takeover on Cloudvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42860/ Shimi's Cyber World en 2026-05-11T21:16:36+03:00 Open edX Enterprise Service Vulnerability Allows SSRF via SAML Metadatavulnerability, cve, high-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42858/ Shimi's Cyber World en 2026-05-11T21:16:36+03:00 Open edX Platform SSRF via Unvalidated URL Parameter (CVE-2026-42858)vulnerability, cve, high-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42315/ Shimi's Cyber World en 2026-05-11T21:16:35+03:00 CVE-2026-42315: pyLoad Directory Traversal Puts Data at Riskvulnerability, cve, high-severity, cwe-22, cwe-36 https://shimiscyberworld.com/posts/nvd-CVE-2026-42313/ Shimi's Cyber World en 2026-05-11T21:16:34+03:00 CVE-2026-42313: pyLoad Proxy Bypass Exposes Outbound Trafficvulnerability, cve, high-severity, cwe-441, cwe-863, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42312/ Shimi's Cyber World en 2026-05-11T21:16:34+03:00 CVE-2026-42312 — pyLoad is a free and open-source download manager writtenvulnerability, cve, medium-severity, cwe-295, cwe-306, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41431/ Shimi's Cyber World en 2026-05-11T21:16:34+03:00 CVE-2026-41431: Zen Browser Updater Strips Signature Verificationvulnerability, cve, high-severity, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-2393/ Shimi's Cyber World en 2026-05-11T21:16:31+03:00 MLflow SSRF Vulnerability (CVE-2026-2393) Exposes Internal Servicesvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/fcc-pushes-ban-on-security-updates-for-foreign-made-routers-190xb/ Shimi's Cyber World en 2026-05-11T19:50:00+03:00 FCC Delays Security Update Ban for Foreign Routers and Drones to 2029threat-intel, data-breach, government, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-7819/ Shimi's Cyber World en 2026-05-11T19:17:39+03:00 pgAdmin 4 Path Traversal (CVE-2026-7819) Allows Arbitrary File Writesvulnerability, cve, high-severity, path-traversal https://shimiscyberworld.com/posts/nvd-CVE-2026-7818/ Shimi's Cyber World en 2026-05-11T19:17:38+03:00 CVE-2026-7818: pgAdmin 4 Deserialization Flaw Allows RCEvulnerability, cve, high-severity, remote-code-execution https://shimiscyberworld.com/posts/nvd-CVE-2026-7817/ Shimi's Cyber World en 2026-05-11T19:17:38+03:00 CVE-2026-7817 — PgAdmin 4: Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery https://shimiscyberworld.com/posts/nvd-CVE-2026-7816/ Shimi's Cyber World en 2026-05-11T19:17:38+03:00 pgAdmin 4 CVE-2026-7816: OS Command Injection via Query Exportvulnerability, cve, high-severity, command-injection https://shimiscyberworld.com/posts/nvd-CVE-2026-7815/ Shimi's Cyber World en 2026-05-11T19:17:37+03:00 pgAdmin 4 SQLi (CVE-2026-7815) Allows RCE on PostgreSQL Serversvulnerability, cve, high-severity, sql-injection https://shimiscyberworld.com/posts/nvd-CVE-2026-7813/ Shimi's Cyber World en 2026-05-11T19:17:37+03:00 CVE-2026-7813: Critical Authorization Bypass in pgAdmin 4 Server Modevulnerability, cve, critical, high-severity, privilege-escalation https://shimiscyberworld.com/posts/nvd-CVE-2026-44200/ Shimi's Cyber World en 2026-05-11T19:17:35+03:00 CVE-2026-44200 — Wagtail is an open source content management system builtvulnerability, cve, medium-severity, cwe-280 https://shimiscyberworld.com/posts/nvd-CVE-2026-44199/ Shimi's Cyber World en 2026-05-11T19:17:35+03:00 CVE-2026-44199 — Wagtail is an open source content management system builtvulnerability, cve, medium-severity, cwe-280 https://shimiscyberworld.com/posts/nvd-CVE-2026-44197/ Shimi's Cyber World en 2026-05-11T19:17:34+03:00 CVE-2026-44197 — Wagtail is an open source content management system builtvulnerability, cve, medium-severity, cwe-280 https://shimiscyberworld.com/posts/nvd-CVE-2026-42613/ Shimi's Cyber World en 2026-05-11T19:17:34+03:00 Grav Critical Vulnerability Allows Unauthenticated Admin Accessvulnerability, cve, critical, high-severity, cwe-20, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42612/ Shimi's Cyber World en 2026-05-11T19:17:34+03:00 Grav XSS Vulnerability (CVE-2026-42612) Allows Publisher Account Takeovervulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42611/ Shimi's Cyber World en 2026-05-11T19:17:34+03:00 Grav XSS Escalates to RCE via Admin Panelvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42610/ Shimi's Cyber World en 2026-05-11T19:17:33+03:00 CVE-2026-42610 — Grav is a file-based Web platform. Prior to 2.0.0-beta.2, avulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42609/ Shimi's Cyber World en 2026-05-11T19:17:33+03:00 Grav Admin Panel Vulnerability Allows Account Takeover via Low-Privilege Uservulnerability, cve, high-severity, denial-of-service, cwe-269, cwe-285, cwe-639, cwe-837 https://shimiscyberworld.com/posts/nvd-CVE-2026-42607/ Shimi's Cyber World en 2026-05-11T19:17:32+03:00 Grav RCE via Malicious Plugin Upload (CVE-2026-42607)vulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/hackers-used-ai-to-develop-first-known-zero-day-2fa-bypass-f-og1av/ Shimi's Cyber World en 2026-05-11T18:45:00+03:00 AI-Developed Zero-Day Bypasses 2FA, Google Confirmsthreat-intel, vulnerability, ai-security https://shimiscyberworld.com/posts/nvd-CVE-2026-8290/ Shimi's Cyber World en 2026-05-11T17:16:34+03:00 CVE-2026-8290 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8289/ Shimi's Cyber World en 2026-05-11T17:16:34+03:00 CVE-2026-8289 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-4802/ Shimi's Cyber World en 2026-05-11T17:16:31+03:00 Cockpit CVE-2026-4802: Remote Command Execution via Unsanitized Logsvulnerability, cve, high-severity, cwe-78 https://shimiscyberworld.com/posts/build-application-firewalls-aim-to-stop-the-next-supply-chai-yciiv/ Shimi's Cyber World en 2026-05-11T17:06:01+03:00 Build Application Firewalls to Stop Supply Chain Attacksthreat-intel, vulnerability, securityweek https://shimiscyberworld.com/posts/nvd-CVE-2026-8288/ Shimi's Cyber World en 2026-05-11T16:16:12+03:00 CVE-2026-8288 — The Function Gsm_handle_pdu_session_modification_qos_flow_de Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/google-detects-first-ai-generated-zero-day-exploit-3kggl/ Shimi's Cyber World en 2026-05-11T16:04:21+03:00 Google Detects First AI-Generated Zero-Day Exploit Bypassing 2FAthreat-intel, vulnerability https://shimiscyberworld.com/posts/google-hackers-used-ai-to-develop-zero-day-exploit-for-web-zh0um/ Shimi's Cyber World en 2026-05-11T16:02:30+03:00 Google: AI Used to Develop Zero-Day Exploit for Web Admin Toolthreat-intel, data-breach, malware, vulnerability, tools https://shimiscyberworld.com/posts/uk-water-company-allowed-hackers-to-lurk-undetected-for-near-baqhq/ Shimi's Cyber World en 2026-05-11T15:51:00+03:00 Cl0p Ransomware: UK Water Company Fined for Two-Year Undetected Breachthreat-intel, data-breach, government, malware, ransomware, microsoft https://shimiscyberworld.com/posts/weekly-recap-linux-rootkit-macos-crypto-stealer-websock-h9uws/ Shimi's Cyber World en 2026-05-11T15:36:00+03:00 Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers Emergethreat-intel, vulnerability, malware, cloud https://shimiscyberworld.com/posts/dirty-frag-linux-kernel-hit-by-second-major-security-flaw-i-mmuax/ Shimi's Cyber World en 2026-05-11T15:26:00+03:00 Dirty Frag: Linux Kernel Hit by Second Major Flaw in Weeksthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2025-9973/ Shimi's Cyber World en 2026-05-11T15:16:11+03:00 CVE-2025-9973 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation https://shimiscyberworld.com/posts/nvd-CVE-2025-10470/ Shimi's Cyber World en 2026-05-11T15:16:10+03:00 CVE-2025-10470: Magic Link DoS via Uncontrolled Memory Growthvulnerability, cve, high-severity, cwe-400 https://shimiscyberworld.com/posts/telegram-1427288221-8911/ Shimi's Cyber World en 2026-05-11T15:09:37+03:00 Nitrogen Group Claims Major Foxconn Data Breach, Affecting Apple, Google, Nvidia Supply Chainsisrael https://shimiscyberworld.com/posts/skoda-data-breach-hits-online-shop-customers-3cpgk/ Shimi's Cyber World en 2026-05-11T14:54:27+03:00 Skoda Data Breach Exposes Online Shop Customer Datathreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/your-purple-team-isn-t-purple-it-s-just-red-and-blue-in-th-82xug/ Shimi's Cyber World en 2026-05-11T14:30:00+03:00 Purple Teaming: Not Just Red and Blue in the Same Roomthreat-intel, vulnerability, the-hacker-news https://shimiscyberworld.com/posts/sailpoint-discloses-github-repository-hack-llfmw/ Shimi's Cyber World en 2026-05-11T13:52:23+03:00 SailPoint GitHub Repository Hacked, No Customer Data Impactedthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-41951/ Shimi's Cyber World en 2026-05-11T13:16:13+03:00 GROWI Path Traversal (CVE-2026-41951) Allows EJS Template Executionvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-40636/ Shimi's Cyber World en 2026-05-11T13:16:13+03:00 Dell ECS, ObjectScale Hit by Critical Hard-Coded Credential Flawvulnerability, cve, critical, high-severity, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-35157/ Shimi's Cyber World en 2026-05-11T13:16:13+03:00 CVE-2026-35157 — The UI. An Unauthenticated Attacker With Remote Access Vulnerabilityvulnerability, cve, medium-severity, cwe-1236 https://shimiscyberworld.com/posts/nvd-CVE-2026-32658/ Shimi's Cyber World en 2026-05-11T13:16:13+03:00 Dell Automation Platform: Missing Authorization Vulnerability (CVE-2026-32658)vulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-26946/ Shimi's Cyber World en 2026-05-11T13:16:13+03:00 CVE-2026-26946 — The OS. A High Privileged Attacker With Local Access Vulnerabilityvulnerability, cve, medium-severity, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2025-8325/ Shimi's Cyber World en 2026-05-11T13:16:13+03:00 CVE-2025-8325 — Internal Service APIs, Potentially Exposing Them In WSO2 API Vulnerabilityvulnerability, cve, medium-severity, cwe-281 https://shimiscyberworld.com/posts/nvd-CVE-2025-8154/ Shimi's Cyber World en 2026-05-11T13:16:12+03:00 CVE-2025-8154 — In Webhook API invocations, the component acceptsvulnerability, cve, medium-severity, cwe-74 https://shimiscyberworld.com/posts/nvd-CVE-2025-43992/ Shimi's Cyber World en 2026-05-11T13:16:12+03:00 CVE-2025-43992 — Geo Replication. An Unauthenticated Attacker With Remote Acc Authentication Bypassvulnerability, cve, medium-severity, authentication-bypass, cwe-302 https://shimiscyberworld.com/posts/nvd-CVE-2024-0391/ Shimi's Cyber World en 2026-05-11T13:16:11+03:00 CVE-2024-0391 — The check user account lock states feature within the emailvulnerability, cve, medium-severity, cwe-204 https://shimiscyberworld.com/posts/checkmarx-jenkins-ast-plugin-compromised-in-supply-chain-att-z0m7a/ Shimi's Cyber World en 2026-05-11T12:34:55+03:00 Checkmarx Jenkins AST Plugin Hit by Supply Chain Attackthreat-intel, vulnerability https://shimiscyberworld.com/posts/new-dirty-frag-linux-vulnerability-possibly-exploited-in-a-jnol5/ Shimi's Cyber World en 2026-05-11T11:15:28+03:00 New 'Dirty Frag' Linux Vulnerability Exploited Pre-Patchthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-1677/ Shimi's Cyber World en 2026-05-11T09:16:08+03:00 CVE-2026-1677 — Zephyr sockets created with `IPPROTO_TLS_1_3` can stillvulnerability, cve, medium-severity, cwe-757 https://shimiscyberworld.com/posts/telegram-1427288221-8910/ Shimi's Cyber World en 2026-05-11T08:51:01+03:00 TrustedVolumes Crypto Project Suffers $6.7M Theftisrael https://shimiscyberworld.com/posts/telegram-1427288221-8908/ Shimi's Cyber World en 2026-05-11T08:20:24+03:00 US Nationals Jailed for Aiding North Korean IT Worker Fraud Schemeisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-8274/ Shimi's Cyber World en 2026-05-11T08:16:16+03:00 CVE-2026-8274 — Npitre Cramfs-Tools Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-8273/ Shimi's Cyber World en 2026-05-11T08:16:16+03:00 CVE-2026-8273 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8272/ Shimi's Cyber World en 2026-05-11T08:16:16+03:00 CVE-2026-8272 — D-Link DNS-320 2.06B01 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8271/ Shimi's Cyber World en 2026-05-11T08:16:16+03:00 CVE-2026-8271 — D-Link DNS-320 2.06B01 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8270/ Shimi's Cyber World en 2026-05-11T08:16:15+03:00 CVE-2026-8270 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8269/ Shimi's Cyber World en 2026-05-11T08:16:15+03:00 CVE-2026-8269 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/telegram-1542954397-4576/ Shimi's Cyber World en 2026-05-11T07:45:19+03:00 Apple AirPods Cameras: Privacy Nightmare Beyond User Choice https://shimiscyberworld.com/posts/nvd-CVE-2026-8268/ Shimi's Cyber World en 2026-05-11T07:16:20+03:00 CVE-2026-8268 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8267/ Shimi's Cyber World en 2026-05-11T07:16:20+03:00 CVE-2026-8267 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8266/ Shimi's Cyber World en 2026-05-11T07:16:20+03:00 CVE-2026-8266 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8265/ Shimi's Cyber World en 2026-05-11T07:16:19+03:00 CVE-2026-8265 — Tenda AC6 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8264/ Shimi's Cyber World en 2026-05-11T07:16:17+03:00 CVE-2026-8264 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/telegram-1707304340-2314/ Shimi's Cyber World en 2026-05-11T07:12:10+03:00 ClaudeBleed: Critical Flaw Hijacks Claude's Browser Extensionisrael, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-8263/ Shimi's Cyber World en 2026-05-11T05:16:28+03:00 CVE-2026-8263 — Tenda AC6 15.03.06.49_multi_TDE01 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8261/ Shimi's Cyber World en 2026-05-11T05:16:27+03:00 CVE-2026-8261 — The Function SQFunctionProto::Load Of The File Squirrel/Sqob Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-119, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-8260/ Shimi's Cyber World en 2026-05-11T05:16:27+03:00 D-Link DCS-935L CVE-2026-8260: Remote Buffer Overflow in HNAP Servicevulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-8259/ Shimi's Cyber World en 2026-05-11T05:16:27+03:00 CVE-2026-8259 — Tenda AC6 2.0/15.03.06.23 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8258/ Shimi's Cyber World en 2026-05-11T05:16:27+03:00 CVE-2026-8258 — Squirrel Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-119, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-8252/ Shimi's Cyber World en 2026-05-11T03:16:33+03:00 CVE-2026-8252 — Null Pointer Dereferencevulnerability, cve, medium-severity, null-pointer-dereference, cwe-404, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-8251/ Shimi's Cyber World en 2026-05-11T02:16:27+03:00 CVE-2026-8251 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8250/ Shimi's Cyber World en 2026-05-11T02:16:27+03:00 CVE-2026-8250 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8249/ Shimi's Cyber World en 2026-05-11T02:16:27+03:00 CVE-2026-8249 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8248/ Shimi's Cyber World en 2026-05-11T02:16:27+03:00 CVE-2026-8248 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-10T23:00:00+03:00 Daily Security Digest — 2026-05-10daily-digest, vulnerability, cve, critical, high-severity, cwe-290, privilege-escalation, cwe-862, remote-code-execution, cwe-306 https://shimiscyberworld.com/posts/telegram-1427288221-8905/ Shimi's Cyber World en 2026-05-10T19:01:33+03:00 ShinyHunters Ransomware Disrupts Instructure Canvas, Forces Payoutisrael https://shimiscyberworld.com/posts/nvd-CVE-2022-50944/ Shimi's Cyber World en 2026-05-10T16:16:32+03:00 Aero CMS 0.0.1 Vulnerability Allows Authenticated PHP Code Injectionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2021-47949/ Shimi's Cyber World en 2026-05-10T16:16:31+03:00 CyberPanel 2.1 RCE via Symlink Attack (CVE-2021-47949)vulnerability, cve, high-severity, arbitrary-file-access, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2021-47943/ Shimi's Cyber World en 2026-05-10T16:16:30+03:00 TextPattern CMS RCE (CVE-2021-47943) Allows Authenticated Attackers to Execute Commandsvulnerability, cve, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2021-47941/ Shimi's Cyber World en 2026-05-10T16:16:30+03:00 WordPress Plugin Survey & Poll SQLi Puts Data at Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47940/ Shimi's Cyber World en 2026-05-10T16:16:30+03:00 WordPress Plugin Download From Files: Critical Unauthenticated File Uploadvulnerability, cve, critical, high-severity, arbitrary-file-access, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2021-47939/ Shimi's Cyber World en 2026-05-10T16:16:30+03:00 Evolution CMS RCE (CVE-2021-47939) Allows Authenticated Code Executionvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2021-47938/ Shimi's Cyber World en 2026-05-10T16:16:30+03:00 ImpressCMS 1.4.2 RCE: Authenticated Attackers Can Execute Arbitrary Codevulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2021-47937/ Shimi's Cyber World en 2026-05-10T16:16:29+03:00 e107 CMS RCE (CVE-2021-47937) Allows Authenticated Theme Uploads to Drop Web Shellsvulnerability, cve, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2021-47936/ Shimi's Cyber World en 2026-05-10T16:16:29+03:00 OpenCATS 0.9.4 Critical RCE via Malicious Resume Uploadsvulnerability, cve, critical, high-severity, remote-code-execution, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2021-47935/ Shimi's Cyber World en 2026-05-10T16:16:29+03:00 Sentry 8.2.0 RCE: Authenticated Superusers Can Execute Arbitrary Codevulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2021-47933/ Shimi's Cyber World en 2026-05-10T16:16:29+03:00 WordPress MStore API Critical RCE: Unauthenticated File Uploadvulnerability, cve, critical, high-severity, remote-code-execution, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2021-47932/ Shimi's Cyber World en 2026-05-10T16:16:29+03:00 WordPress TheCartPress Unauthenticated Admin Creation (CVE-2021-47932)vulnerability, cve, critical, high-severity, privilege-escalation, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2021-47930/ Shimi's Cyber World en 2026-05-10T16:16:29+03:00 CVE-2021-47930: Unauthenticated SQLi in Balbooa Joomla Forms Buildervulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47928/ Shimi's Cyber World en 2026-05-10T16:16:28+03:00 Opencart TMD Vendor System Blind SQLi Exposes User Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47923/ Shimi's Cyber World en 2026-05-10T16:16:28+03:00 OpenCart 3.0.3.8 Session Fixation Vulnerability (CVE-2021-47923) Rated Criticalvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/telegram-1427288221-8904/ Shimi's Cyber World en 2026-05-10T15:39:32+03:00 IDF Certificate Generator Exposes Rank and Unit Creationisrael