https://shimiscyberworld.com/posts/congress-punts-fisa-renewal-to-june-3xl7y/ Shimi's Cyber World en 2026-05-01T00:31:00+03:00 Congress Punts FISA Renewal to June, Raising Surveillance Questionsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7435/ Shimi's Cyber World en 2026-05-01T00:16:34+03:00 SSCMS v7.4.0 SQLi: High-Severity Database Compromise Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6539/ Shimi's Cyber World en 2026-05-01T00:16:33+03:00 CVE-2026-6539 — The Find Results Panel Handler That Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-134 https://shimiscyberworld.com/posts/nvd-CVE-2026-4503/ Shimi's Cyber World en 2026-05-01T00:16:33+03:00 CVE-2026-4503: IBM Langflow Desktop Exposes User Images via IORvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-4502/ Shimi's Cyber World en 2026-05-01T00:16:33+03:00 CVE-2026-4502 — Arbitrary File Accessvulnerability, cve, medium-severity, arbitrary-file-access, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-3346/ Shimi's Cyber World en 2026-05-01T00:16:32+03:00 CVE-2026-3346 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-3340/ Shimi's Cyber World en 2026-05-01T00:16:32+03:00 CVE-2026-3340 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-28532/ Shimi's Cyber World en 2026-05-01T00:16:31+03:00 CVE-2026-28532 — Integer Overflowvulnerability, cve, medium-severity, integer-overflow, cwe-125, cwe-190 https://shimiscyberworld.com/posts/hackers-earning-millions-from-hijacked-cargo-fbi-says-c4fh5/ Shimi's Cyber World en 2026-04-30T23:22:00+03:00 Hackers Hijack Cargo Worth Millions Through System Compromisesthreat-intel, data-breach, government, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-7429/ Shimi's Cyber World en 2026-04-30T23:16:24+03:00 CVE-2026-7429 — The STL Processing Endpoint That Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-30T23:00:00+03:00 Daily Security Digest — 2026-04-30daily-digest, vulnerability, cve, high-severity, out-of-bounds-1, cwe-125, path-traversal, cwe-23, null-pointer-dereference, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-7461/ Shimi's Cyber World en 2026-04-30T22:16:10+03:00 CVE-2026-7461: Amazon ECS Agent Vulnerability Allows SYSTEM Privilege Escalationvulnerability, cve, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-40904/ Shimi's Cyber World en 2026-04-30T22:16:10+03:00 Chartbrew CVE-2026-40904 Exposes Cross-Project Data in v4.9.0vulnerability, cve, high-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-40603/ Shimi's Cyber World en 2026-04-30T22:16:10+03:00 CVE-2026-40603 — Chartbrew is an open-source web application that canvulnerability, cve, medium-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-40601/ Shimi's Cyber World en 2026-04-30T22:16:10+03:00 Chartbrew CVE-2026-40601: Unauthenticated Data Exposurevulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40600/ Shimi's Cyber World en 2026-04-30T22:16:09+03:00 Chartbrew CVE-2026-40600: Cross-Project SharePolicy Manipulationvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-40595/ Shimi's Cyber World en 2026-04-30T22:16:09+03:00 Chartbrew CVE-2026-40595: Unauthenticated Data Exposure for Hidden Chartsvulnerability, cve, high-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-35514/ Shimi's Cyber World en 2026-04-30T22:16:09+03:00 CVE-2026-35514 — Chartbrew is an open-source web application that canvulnerability, cve, medium-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-3833/ Shimi's Cyber World en 2026-04-30T21:16:30+03:00 CVE-2026-3833 — Gnutls Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-178 https://shimiscyberworld.com/posts/nvd-CVE-2026-36763/ Shimi's Cyber World en 2026-04-30T21:16:29+03:00 CVE-2026-36763 — The /Api/Blade-Desk/Notice/Submit Endpoint Of SpringBlade Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-36761/ Shimi's Cyber World en 2026-04-30T21:16:29+03:00 CVE-2026-36761 — The /Msg/MsgInner/Save Endpoint Of JeeSite Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-33845/ Shimi's Cyber World en 2026-04-30T21:16:28+03:00 GnuTLS Vulnerability CVE-2026-33845: Underflow Leads to Remote Exploitationvulnerability, cve, high-severity, denial-of-service, cwe-191 https://shimiscyberworld.com/posts/telegram-1542954397-4555/ Shimi's Cyber World en 2026-04-30T21:05:57+03:00 Operation PowerOFF's DDoS Honeypot Snares Attackers https://shimiscyberworld.com/posts/nvd-CVE-2025-71284/ Shimi's Cyber World en 2026-04-30T20:16:25+03:00 CVE-2025-71284: Critical RCE in Synway SMG Gateway Management Softwarevulnerability, cve, critical, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2025-51846/ Shimi's Cyber World en 2026-04-30T20:16:25+03:00 CVE-2025-51846: CryptPad Instance Denial-of-Service via WebSocket Floodvulnerability, cve, high-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2022-50993/ Shimi's Cyber World en 2026-04-30T20:16:24+03:00 Weaver E-office RCE: Unauthenticated File Upload Exploit Activevulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2022-50992/ Shimi's Cyber World en 2026-04-30T20:16:24+03:00 Weaver E-cology Arbitrary File Read via XML-RPC (CVE-2022-50992)vulnerability, cve, high-severity, arbitrary-file-access, cwe-22 https://shimiscyberworld.com/posts/zambia-cancels-global-digital-freedoms-conference-days-befor-5z7o3/ Shimi's Cyber World en 2026-04-30T20:11:00+03:00 Zambia Cancels Digital Freedoms Conference Over Security, Dialogue Concernsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/trump-s-cyber-ambassador-nominee-advances-to-full-senate-vot-27elz/ Shimi's Cyber World en 2026-04-30T19:34:00+03:00 Trump's Cyber Ambassador Nominee Advances to Full Senate Votethreat-intel, data-breach, government https://shimiscyberworld.com/posts/telegram-1542954397-4553/ Shimi's Cyber World en 2026-04-30T19:32:51+03:00 AI Agent Wipes Production Database and Backups for PocketOSidentity, ai-security https://shimiscyberworld.com/posts/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attac-6itos/ Shimi's Cyber World en 2026-04-30T19:32:18+03:00 FBI Warns of Cyber-Enabled Cargo Theft Surge, $725M Losses Projectedthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/pytorch-lightning-compromised-in-pypi-supply-chain-attack-to-u86dg/ Shimi's Cyber World en 2026-04-30T19:31:00+03:00 PyTorch Lightning Compromised in PyPI Supply Chain Attackthreat-intel, vulnerability, identity https://shimiscyberworld.com/posts/france-investigates-15-year-old-over-alleged-hack-of-nationa-qjps2/ Shimi's Cyber World en 2026-04-30T19:28:00+03:00 France Investigates Teen Over National ID Agency Data Breachthreat-intel, data-breach, government, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-5174/ Shimi's Cyber World en 2026-04-30T19:16:44+03:00 MOVEit Automation Privilege Escalation (CVE-2026-5174)vulnerability, cve, high-severity, privilege-escalation, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-4670/ Shimi's Cyber World en 2026-04-30T19:16:44+03:00 MOVEit Automation Critical Authentication Bypass (CVE-2026-4670)vulnerability, cve, critical, high-severity, authentication-bypass, cwe-305 https://shimiscyberworld.com/posts/telegram-1542954397-4552/ Shimi's Cyber World en 2026-04-30T18:20:19+03:00 AI Bots Drive 12X Surge in Daily Attacks, Over Half of Web Traffic is Automatedthreat-intel, the-independent https://shimiscyberworld.com/posts/nvd-CVE-2026-7500/ Shimi's Cyber World en 2026-04-30T18:16:23+03:00 CVE-2026-7500 — When Keycloak is started withvulnerability, cve, medium-severity, cwe-425 https://shimiscyberworld.com/posts/nvd-CVE-2026-7246/ Shimi's Cyber World en 2026-04-30T17:16:36+03:00 Pallets Click CVE-2026-7246: Command Injection from Unprivileged Accountsvulnerability, cve, high-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7163/ Shimi's Cyber World en 2026-04-30T17:16:36+03:00 CVE-2026-7163 — The Assisted-Service REST API, An Optional Assisted Installe Vulnerabilityvulnerability, cve, medium-severity, cwe-312 https://shimiscyberworld.com/posts/nvd-CVE-2026-2892/ Shimi's Cyber World en 2026-04-30T17:16:29+03:00 Otter Blocks WordPress Plugin Vulnerable to Purchase Bypass (CVE-2026-2892)vulnerability, cve, high-severity, cwe-285 https://shimiscyberworld.com/posts/threatsday-bulletin-sms-blaster-busts-openemr-flaws-600k-84jfh/ Shimi's Cyber World en 2026-04-30T16:55:00+03:00 Fake Cell Towers and Sneaky Installers: New Threats Emergethreat-intel, vulnerability, cloud, tools, the-hacker-news https://shimiscyberworld.com/posts/moldova-s-health-insurance-agency-reports-possible-data-leak-d0t29/ Shimi's Cyber World en 2026-04-30T16:37:00+03:00 Moldova Health Insurance Agency Reports Possible Data Leak After Cyberattackthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7402/ Shimi's Cyber World en 2026-04-30T16:16:06+03:00 MeWare PDKS Flooding Vulnerability: CVE-2026-7402 Impacts Time & Attendance Systemsvulnerability, cve, high-severity, cwe-799 https://shimiscyberworld.com/posts/nvd-CVE-2026-7399/ Shimi's Cyber World en 2026-04-30T16:16:06+03:00 MeWare PDKS Authorization Bypass (CVE-2026-7399) Exposes High-Risk Privilege Abusevulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-7382/ Shimi's Cyber World en 2026-04-30T16:16:06+03:00 CVE-2026-7382 — MeWare Software Development Inc. PDKS Vulnerabilityvulnerability, cve, medium-severity, cwe-200, cwe-359 https://shimiscyberworld.com/posts/new-python-backdoor-uses-tunneling-service-to-steal-browser-ei1dl/ Shimi's Cyber World en 2026-04-30T15:36:00+03:00 DEEP#DOOR Python Backdoor Disables Security Controls for Credential Theftthreat-intel, vulnerability, malware, cloud, microsoft, identity, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-41882/ Shimi's Cyber World en 2026-04-30T15:16:24+03:00 JetBrains IntelliJ IDEA Vulnerability Allows Arbitrary File Readingvulnerability, cve, high-severity, cwe-59 https://shimiscyberworld.com/posts/cisa-kev-CVE-2026-41940/ Shimi's Cyber World en 2026-04-30T15:00:00+03:00 CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/enocean-smartserver-flaws-expose-buildings-to-remote-hacking-q04hq/ Shimi's Cyber World en 2026-04-30T14:57:31+03:00 EnOcean SmartServer Vulnerabilities Enable Building System Hackingthreat-intel, vulnerability, cloud https://shimiscyberworld.com/posts/etherrat-distribution-spoofing-administrative-tools-via-gith-mmur8/ Shimi's Cyber World en 2026-04-30T14:30:00+03:00 EtherRAT Campaign Spoofs Admin Tools via GitHub Facadesthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/critical-cpanel-whm-vulnerability-exploited-as-zero-day-fo-s3kuu/ Shimi's Cyber World en 2026-04-30T14:10:30+03:00 cPanel & WHM Zero-Day Exploited for Months, Granting Admin Accessthreat-intel, vulnerability, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-6498/ Shimi's Cyber World en 2026-04-30T13:16:02+03:00 CVE-2026-6498 — The Five Star Restaurant Reservations plugin for WordPressvulnerability, cve, medium-severity, cwe-345 https://shimiscyberworld.com/posts/nvd-CVE-2026-42800/ Shimi's Cyber World en 2026-04-30T13:16:02+03:00 CVE-2026-42800: High-Severity Null Pointer Dereference in ASR Lapwing_Linuxvulnerability, cve, high-severity, null-pointer-dereference, cwe-476 https://shimiscyberworld.com/posts/new-linux-copy-fail-vulnerability-enables-root-access-on-m-avzxo/ Shimi's Cyber World en 2026-04-30T12:24:00+03:00 Linux 'Copy Fail' Vulnerability Grants Root Accessthreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-42799/ Shimi's Cyber World en 2026-04-30T12:16:03+03:00 CVE-2026-42799: ASR Kestrel Out-of-Bounds Read Flaw Exposes Systemsvulnerability, cve, high-severity, out-of-bounds-1, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-22070/ Shimi's Cyber World en 2026-04-30T12:16:02+03:00 ColorOS Assistant CVE-2026-22070: Unauthenticated Path Traversal Riskvulnerability, cve, high-severity, path-traversal, cwe-23 https://shimiscyberworld.com/posts/sandhills-medical-says-ransomware-breach-affects-170-000-1xudy/ Shimi's Cyber World en 2026-04-30T11:35:59+03:00 Sandhills Medical Discloses Inc Ransomware Breach Affecting 170,000 Patientsthreat-intel, vulnerability, malware, ransomware, data-breach https://shimiscyberworld.com/posts/nvd-CVE-2026-6521/ Shimi's Cyber World en 2026-04-30T10:16:39+03:00 CVE-2026-6521 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-6520/ Shimi's Cyber World en 2026-04-30T10:16:39+03:00 CVE-2026-6520 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-6519/ Shimi's Cyber World en 2026-04-30T10:16:39+03:00 CVE-2026-6519 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-5657/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5657 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-415 https://shimiscyberworld.com/posts/nvd-CVE-2026-5655/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5655 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-5654/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5654 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-5653/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5653 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-5409/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5409 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-5408/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5408 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-5407/ Shimi's Cyber World en 2026-04-30T10:16:38+03:00 CVE-2026-5407 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-5406/ Shimi's Cyber World en 2026-04-30T10:16:37+03:00 CVE-2026-5406 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-5402/ Shimi's Cyber World en 2026-04-30T10:16:37+03:00 Wireshark TLS Dissector Heap Overflow (CVE-2026-5402) Enables DoS, RCEvulnerability, cve, high-severity, code-execution, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-5401/ Shimi's Cyber World en 2026-04-30T10:16:37+03:00 CVE-2026-5401 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-5299/ Shimi's Cyber World en 2026-04-30T10:16:37+03:00 CVE-2026-5299 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-41226/ Shimi's Cyber World en 2026-04-30T10:16:37+03:00 CVE-2026-41226 — Open Redirectvulnerability, cve, medium-severity, open-redirect, cwe-601 https://shimiscyberworld.com/posts/google-fixes-cvss-10-gemini-cli-ci-rce-and-cursor-flaws-enab-bv4bq/ Shimi's Cyber World en 2026-04-30T10:07:00+03:00 Google Gemini CLI RCE: CVSS 10 Flaw Exposes CI/CD to Attackthreat-intel, vulnerability, cloud, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-7379/ Shimi's Cyber World en 2026-04-30T09:16:17+03:00 CVE-2026-7379 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-401 https://shimiscyberworld.com/posts/nvd-CVE-2026-7378/ Shimi's Cyber World en 2026-04-30T09:16:17+03:00 CVE-2026-7378 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-7376/ Shimi's Cyber World en 2026-04-30T09:16:17+03:00 CVE-2026-7376 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-7375/ Shimi's Cyber World en 2026-04-30T09:16:16+03:00 CVE-2026-7375 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-835 https://shimiscyberworld.com/posts/nvd-CVE-2026-6868/ Shimi's Cyber World en 2026-04-30T09:16:16+03:00 CVE-2026-6868 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2025-13030/ Shimi's Cyber World en 2026-04-30T09:16:14+03:00 CVE-2025-13030: django-mdeditor Vulnerable to Code Execution via Image Uploadvulnerability, cve, high-severity, code-execution, cwe-306 https://shimiscyberworld.com/posts/telegram-1427288221-8854/ Shimi's Cyber World en 2026-04-30T07:18:04+03:00 Iranian Group Claims 30TB Breach of Israeli Company IMCO Industriesisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-7470/ Shimi's Cyber World en 2026-04-30T06:16:01+03:00 CVE-2026-7470: Tenda 4G300 Router Vulnerable to Remote Stack Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-7469/ Shimi's Cyber World en 2026-04-30T05:16:06+03:00 CVE-2026-7469 — Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7468/ Shimi's Cyber World en 2026-04-30T04:16:03+03:00 CVE-2026-7468: Improper Access Control Flaw in 1024-lab smart-adminvulnerability, cve, high-severity, improper-access-control, cwe-266, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-7447/ Shimi's Cyber World en 2026-04-30T04:16:02+03:00 CVE-2026-7447 — SourceCodester Pet Grooming Management Software SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7446/ Shimi's Cyber World en 2026-04-30T03:16:23+03:00 CVE-2026-7446: VetCoders mcp-server-semgrep OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7445/ Shimi's Cyber World en 2026-04-30T03:16:23+03:00 CVE-2026-7445 — ZachHandley ZMCPTools Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7443/ Shimi's Cyber World en 2026-04-30T02:16:20+03:00 CVE-2026-7443: BurtTheCoder mcp-dnstwist OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7420/ Shimi's Cyber World en 2026-04-30T02:16:20+03:00 CVE-2026-7420: UTT HiPER 1250GW Buffer Overflow Exploitable Remotelyvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7419/ Shimi's Cyber World en 2026-04-30T02:16:20+03:00 UTT HiPER 1250GW CVE-2026-7419: Remote Buffer Overflow Exploitablevulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/official-sap-npm-packages-compromised-to-steal-credentials-uiepq/ Shimi's Cyber World en 2026-04-30T01:43:44+03:00 SAP npm Packages Compromised in Supply-Chain Attackthreat-intel, data-breach, malware, identity https://shimiscyberworld.com/posts/house-approves-spy-program-on-second-attempt-senate-fate-mu-3dg2q/ Shimi's Cyber World en 2026-04-30T01:41:00+03:00 House Renews Section 702 FISA, Senate Fate Uncertainthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7418/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 UTT HiPER 1250GW: High-Severity Buffer Overflow (CVE-2026-7418)vulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7417/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 Algovate xhs-mcp SSRF Vulnerability (CVE-2026-7417) Publicly Disclosedvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7416/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 PolarVista xcode-mcp-server Suffers High-Severity OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7410/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 CVE-2026-7410 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7409/ Shimi's Cyber World en 2026-04-30T01:16:21+03:00 CVE-2026-7409 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7408/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7408 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7407/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7407 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7404/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7404: mcpo-simple-server Vulnerability Exposes Data via Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22, cwe-23 https://shimiscyberworld.com/posts/nvd-CVE-2026-7403/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7403 — Geldata Gel-Mcp Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-1858/ Shimi's Cyber World en 2026-04-30T00:16:20+03:00 CVE-2026-1858 — wget2 accepts a server certificate with incorrect Key Usagevulnerability, cve, medium-severity, cwe-20 https://shimiscyberworld.com/posts/researchers-built-a-chatbot-that-only-knows-the-world-before-cchcy/ Shimi's Cyber World en 2026-04-29T23:58:30+03:00 Researchers Build LLM Limited to Pre-1931 Knowledge for Bias Studymalware, threat-intel, ransomware, data-breach, cloud, identity, ai-security, tools https://shimiscyberworld.com/posts/us-china-partner-on-scam-center-takedown-in-dubai-17mq8/ Shimi's Cyber World en 2026-04-29T23:51:00+03:00 US, China Partner on Dubai Scam Center Takedownthreat-intel, data-breach, government https://shimiscyberworld.com/posts/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cry-1kr1n/ Shimi's Cyber World en 2026-04-29T23:50:35+03:00 Qinglong Task Scheduler Exploited for Cryptomining via RCE Flawsthreat-intel, data-breach, malware, vulnerability, cloud, identity, tools, bleepingcomputer https://shimiscyberworld.com/posts/nvd-CVE-2026-7426/ Shimi's Cyber World en 2026-04-29T23:16:32+03:00 CVE-2026-7426: FreeRTOS-Plus-TCP IPv6 RA Heap Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34965/ Shimi's Cyber World en 2026-04-29T23:16:29+03:00 CVE-2026-34965: Cockpit CMS RCE via PHP Code Injectionvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2018-25318/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25318: Tenda Router Vulnerability Allows DNS Hijackingvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2018-25317/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 Tenda Routers: CVE-2018-25317 Allows Unauthenticated DNS Hijackingvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2018-25316/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25316: Tenda Router Flaw Exposes DNS Hijacking Riskvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2018-25315/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25315: Alloksoft Video Joiner Buffer Overflow Allows Code Executionvulnerability, cve, high-severity, code-execution, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25314/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25314: Alloksoft WMV Converter Buffer Overflow Allows Local Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25308/ Shimi's Cyber World en 2026-04-29T23:16:26+03:00 BuddyPress RCE: Authenticated Users Can Delete Arbitrary Filesvulnerability, cve, high-severity, remote-code-execution, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2018-25307/ Shimi's Cyber World en 2026-04-29T23:16:26+03:00 SysGauge Pro 4.6.12 Vulnerability Allows Local Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25304/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 Free Download Manager CVE-2018-25304: Local Buffer Overflow Allows Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25303/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25303: Allok Video to DVD Burner Stack Overflowvulnerability, cve, high-severity, code-execution, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2018-25302/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25302: Allok AVI to DVD Converter Buffer Overflowvulnerability, cve, high-severity, code-execution, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25301/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25301: Easy MPEG to DVD Burner Local Buffer Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25300/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25300: XATABoost CMS SQL Injection Allows Unauthenticated Data Extractionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2018-25299/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25299: Prime95 Local Buffer Overflow Allows Arbitrary Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/reverse-engineering-with-ai-unearths-high-severity-github-bu-htoqy/ Shimi's Cyber World en 2026-04-29T23:08:17+03:00 AI Reverse Engineering Unearths High-Severity GitHub Bugthreat-intel, tools, vulnerability https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-29T23:00:00+03:00 Daily Security Digest — 2026-04-29daily-digest, vulnerability, cve, high-severity, cwe-862, improper-access-control, cwe-266, cwe-269, cwe-284, cwe-59 https://shimiscyberworld.com/posts/ai-finds-38-security-flaws-in-electronic-health-record-platf-g54ev/ Shimi's Cyber World en 2026-04-29T22:32:42+03:00 AI Spots 38 Critical Flaws in OpenEMR Healthcare Platformthreat-intel, tools, cloud https://shimiscyberworld.com/posts/nvd-CVE-2026-7466/ Shimi's Cyber World en 2026-04-29T22:16:27+03:00 AgentFlow RCE Vulnerability (CVE-2026-7466) Allows Local Code Executionvulnerability, cve, high-severity, code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7439/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7439 — AgentFlow's local web API accepts non-JSON content types onvulnerability, cve, medium-severity, cwe-346 https://shimiscyberworld.com/posts/nvd-CVE-2026-7424/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7424: FreeRTOS-Plus-TCP DHCPv6 Vulnerability Leads to DoSvulnerability, cve, high-severity, denial-of-service, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-7423/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7423 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-7422/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7422 — Insufficient packet validation in FreeRTOS-Plus-TCP beforevulnerability, cve, medium-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2026-7398/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7398: Path Traversal in BioinfoMCP Upload Endpointvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7397/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7397 — NousResearch Hermes-Agent Vulnerabilityvulnerability, cve, medium-severity, cwe-59, cwe-61 https://shimiscyberworld.com/posts/nvd-CVE-2026-41499/ Shimi's Cyber World en 2026-04-29T22:16:23+03:00 CVE-2026-41499 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-124, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-30893/ Shimi's Cyber World en 2026-04-29T22:16:23+03:00 Wazuh CVE-2026-30893: Critical Path Traversal to RCEvulnerability, cve, critical, high-severity, code-execution, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-28221/ Shimi's Cyber World en 2026-04-29T22:16:23+03:00 CVE-2026-28221 — Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-121, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-27105/ Shimi's Cyber World en 2026-04-29T22:16:22+03:00 CVE-2026-27105 — Arbitrary File Accessvulnerability, cve, medium-severity, arbitrary-file-access, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-26206/ Shimi's Cyber World en 2026-04-29T22:16:22+03:00 CVE-2026-26206 — Wazuh is a free and open source platform used for threatvulnerability, cve, medium-severity, cwe-307, cwe-362, cwe-367 https://shimiscyberworld.com/posts/nvd-CVE-2026-7396/ Shimi's Cyber World en 2026-04-29T21:16:05+03:00 CVE-2026-7396 — NousResearch Hermes-Agent Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7394/ Shimi's Cyber World en 2026-04-29T21:16:05+03:00 CVE-2026-7394 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-5712/ Shimi's Cyber World en 2026-04-29T21:16:05+03:00 IdentityIQ CVE-2026-5712: Authenticated Users Can Edit Rolesvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-26204/ Shimi's Cyber World en 2026-04-29T21:16:04+03:00 CVE-2026-26204 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-124, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-7393/ Shimi's Cyber World en 2026-04-29T20:16:42+03:00 CVE-2026-7393 — SourceCodester Pizzafy Ecommerce System Unrestricted File Uploadvulnerability, cve, medium-severity, unrestricted-file-upload, cwe-284, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-7392/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-7392 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7391/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-7391 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6915/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-6915 — An authorization flaw in the user management command couldvulnerability, cve, medium-severity, cwe-1284 https://shimiscyberworld.com/posts/nvd-CVE-2026-6914/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-6914 — Computing the MD5 checksum of a malformed BSON object undervulnerability, cve, medium-severity, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-0206/ Shimi's Cyber World en 2026-04-29T20:16:40+03:00 CVE-2026-0206 — Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-0205/ Shimi's Cyber World en 2026-04-29T20:16:40+03:00 CVE-2026-0205 — SonicOS Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-35 https://shimiscyberworld.com/posts/nvd-CVE-2026-0204/ Shimi's Cyber World en 2026-04-29T20:16:40+03:00 SonicOS Access Control Bypass (CVE-2026-0204) Rated High Severityvulnerability, cve, high-severity, cwe-306, cwe-1390 https://shimiscyberworld.com/posts/sap-npm-packages-compromised-by-mini-shai-hulud-credential-4sc03/ Shimi's Cyber World en 2026-04-29T19:26:00+03:00 SAP npm Packages Compromised by "Mini Shai-Hulud" Credential Stealing Malwarethreat-intel, vulnerability, malware, cloud, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-7389/ Shimi's Cyber World en 2026-04-29T19:16:29+03:00 CVE-2026-7389: EyouCMS SQL Injection Vulnerability Exposedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7388/ Shimi's Cyber World en 2026-04-29T19:16:29+03:00 CVE-2026-7388 — A weakness has been identified in EyouCMS up to 1.7.9.vulnerability, cve, medium-severity, cwe-74, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7386/ Shimi's Cyber World en 2026-04-29T19:16:29+03:00 CVE-2026-7386: fatbobman mail-mcp-bridge Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-6849/ Shimi's Cyber World en 2026-04-29T19:16:28+03:00 Pardus OS My Computer Vulnerability Allows OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-5166/ Shimi's Cyber World en 2026-04-29T19:16:26+03:00 CVE-2026-5166: Critical Path Traversal in TUBITAK Pardus Software Centervulnerability, cve, critical, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-42198/ Shimi's Cyber World en 2026-04-29T19:16:25+03:00 pgjdbc Client-Side DoS: Malicious Servers Can Exhaust CPU via SCRAM-SHA-256vulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41940/ Shimi's Cyber World en 2026-04-29T19:16:25+03:00 cPanel & WHM Critical Authentication Bypass (CVE-2026-41940)vulnerability, cve, critical, high-severity, authentication-bypass, cwe-306 https://shimiscyberworld.com/posts/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug-hr31j/ Shimi's Cyber World en 2026-04-29T18:51:44+03:00 cPanel, WHM Emergency Patch Fixes Critical Auth Bypassthreat-intel, data-breach, malware, vulnerability, identity https://shimiscyberworld.com/posts/european-commission-accuses-meta-of-breaching-child-safety-r-ozmby/ Shimi's Cyber World en 2026-04-29T18:47:00+03:00 European Commission Accuses Meta of Child Safety Breaches Under DSAthreat-intel, data-breach, government https://shimiscyberworld.com/posts/vect-2-0-ransomware-acts-as-wiper-thanks-to-design-error-oj9u5/ Shimi's Cyber World en 2026-04-29T18:23:53+03:00 Vect 2.0 Ransomware Acts as Wiper Due to Design Errorthreat-intel, tools, malware, ransomware https://shimiscyberworld.com/posts/nvd-CVE-2026-7384/ Shimi's Cyber World en 2026-04-29T18:16:11+03:00 CVE-2026-7384 — Ezequiroga Mcp-Bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea3 Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-5161/ Shimi's Cyber World en 2026-04-29T18:16:08+03:00 CVE-2026-5161: Pardus About Suffers High-Severity Symlink Vulnerabilityvulnerability, cve, high-severity, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-5141/ Shimi's Cyber World en 2026-04-29T18:16:07+03:00 CVE-2026-5141: Pardus Software Center Vulnerability Allows Privileged Process Hijackingvulnerability, cve, high-severity, improper-access-control, cwe-266, cwe-269, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-41952/ Shimi's Cyber World en 2026-04-29T18:16:06+03:00 Acronis DLP and Cyber Protect Agent Vulnerable to Privilege Escalation (CVE-2026-41952)vulnerability, cve, high-severity, privilege-escalation, cwe-123 https://shimiscyberworld.com/posts/nvd-CVE-2026-41220/ Shimi's Cyber World en 2026-04-29T18:16:05+03:00 Acronis DLP, Cyber Protect Agent Vulnerable to Local Privilege Escalation (CVE-2026-41220)vulnerability, cve, high-severity, privilege-escalation, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-25852/ Shimi's Cyber World en 2026-04-29T18:16:05+03:00 CVE-2026-25852 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-427 https://shimiscyberworld.com/posts/new-wave-of-dprk-attacks-uses-ai-inserted-npm-malware-fake-ian3i/ Shimi's Cyber World en 2026-04-29T17:43:00+03:00 DPRK Uses AI-Inserted npm Malware, Targeting Developersthreat-intel, vulnerability, malware, ai-security https://shimiscyberworld.com/posts/swiss-police-arrest-10-suspected-members-of-nigeria-linked-c-2qt9f/ Shimi's Cyber World en 2026-04-29T17:15:00+03:00 Black Axe: Swiss Police Arrest 10 Suspected Membersthreat-intel, data-breach, government https://shimiscyberworld.com/posts/learning-from-the-vercel-breach-shadow-ai-oauth-sprawl-3uywm/ Shimi's Cyber World en 2026-04-29T16:05:14+03:00 Vercel Breach Highlights OAuth App Risks and Shadow AI Threatsthreat-intel, data-breach, malware, identity https://shimiscyberworld.com/posts/lotus-wiper-attack-targeted-venezuelan-energy-firms-utiliti-hhfv0/ Shimi's Cyber World en 2026-04-29T16:00:00+03:00 Lotus Wiper Targets Venezuelan Energy, Utilities with Sophisticated LotLthreat-intel, tools, malware https://shimiscyberworld.com/posts/github-fixes-rce-flaw-that-gave-access-to-millions-of-privat-xvj23/ Shimi's Cyber World en 2026-04-29T15:41:17+03:00 GitHub RCE Flaw Could Have Exposed Millions of Private Repositoriesthreat-intel, data-breach, malware, vulnerability, tools https://shimiscyberworld.com/posts/webinar-how-to-automate-exposure-validation-to-match-the-sp-ynxh4/ Shimi's Cyber World en 2026-04-29T15:02:00+03:00 AI Automates Attacks: Autonomous Agents Target Active Directory in Minutesthreat-intel, vulnerability, microsoft, identity, phishing https://shimiscyberworld.com/posts/incd-alert_1992/ Shimi's Cyber World en 2026-04-29T15:00:00+03:00 Unidentified RMM Tool Exploited in Active Attacks Against Israeli Organizationsincd, israel, advisory, alert https://shimiscyberworld.com/posts/what-to-look-for-in-an-exposure-management-platform-and-wha-zhxzs/ Shimi's Cyber World en 2026-04-29T14:30:00+03:00 Exposure Management Platforms Fall Short: Context is Key, Not Just Countsthreat-intel, vulnerability https://shimiscyberworld.com/posts/cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day-47f0x/ Shimi's Cyber World en 2026-04-29T13:29:31+03:00 CISA Mandates Urgent Patching for Windows Zero-Day Exploited in Attacksthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/critical-cpanel-authentication-vulnerability-identified-up-10tps/ Shimi's Cyber World en 2026-04-29T12:37:00+03:00 Critical cPanel Authentication Flaw Exposes Serversthreat-intel, vulnerability, identity, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-4019/ Shimi's Cyber World en 2026-04-29T12:16:25+03:00 CVE-2026-4019 — The Complianz – GDPR/CCPA Cookie Consent plugin forvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42412/ Shimi's Cyber World en 2026-04-29T12:16:24+03:00 CVE-2026-42412 — WeDevs WP User Frontend Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2025-10503/ Shimi's Cyber World en 2026-04-29T12:16:23+03:00 CVE-2025-10503 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42377/ Shimi's Cyber World en 2026-04-29T11:16:18+03:00 SureForms Pro Vulnerability CVE-2026-42377 Exposes Access Control Flawsvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/telegram-1427288221-8849/ Shimi's Cyber World en 2026-04-29T10:02:16+03:00 Cyber News - Erez Dasa: Unattributed Foreign Login Triggered Investigationisrael, cybersafe https://shimiscyberworld.com/posts/telegram-1427288221-8847/ Shimi's Cyber World en 2026-04-29T09:02:28+03:00 Vect Ransomware: Bug Turns Encryption into Irreversible Data Wiperisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-35155/ Shimi's Cyber World en 2026-04-29T08:16:04+03:00 Dell iDRAC10 Vulnerability: Low-Privilege Race Condition Grants High Accessvulnerability, cve, high-severity, race-condition, cwe-522 https://shimiscyberworld.com/posts/nvd-CVE-2026-42615/ Shimi's Cyber World en 2026-04-29T07:16:41+03:00 GCHQ CyberChef XSS Vulnerability (CVE-2026-42615) Identifiedvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-23773/ Shimi's Cyber World en 2026-04-29T07:16:40+03:00 CVE-2026-23773 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42167/ Shimi's Cyber World en 2026-04-29T02:16:20+03:00 CVE-2026-42167: ProFTPD mod_sql RCE Via Log Expansionvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7319/ Shimi's Cyber World en 2026-04-29T01:16:52+03:00 CVE-2026-7319: Path Traversal in elinsky execution-system-mcp Poses Remote Riskvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7318/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7318 — Elie Mcp-Project Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7317/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7317 — Grav CMS Insecure Deserializationvulnerability, cve, medium-severity, insecure-deserialization, cwe-20, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-7316/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7316: Aider-mcp Command Injection Exposes AI Dev Workflowsvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7315/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7314/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Publicly Exploitedvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7306/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7306 — Xuxueli Xxl-Job Vulnerabilityvulnerability, cve, medium-severity, cwe-320, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2026-7305/ Shimi's Cyber World en 2026-04-29T01:16:50+03:00 CVE-2026-7305 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41649/ Shimi's Cyber World en 2026-04-29T01:16:49+03:00 Outline Insecure Direct Object Reference (CVE-2026-41649) Exposes Documentsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-33467/ Shimi's Cyber World en 2026-04-29T01:16:48+03:00 CVE-2026-33467 — Improper Verification of Cryptographic Signature (CWE-347)vulnerability, cve, medium-severity, cwe-347 https://shimiscyberworld.com/posts/spy-agency-officials-say-job-loss-anxiety-moving-fast-safe-x3o7u/ Shimi's Cyber World en 2026-04-29T00:43:20+03:00 NGA Grapples with AI Workforce Overhaul and Job Anxietythreat-intel, policy, government, microsoft, tools