https://shimiscyberworld.com/posts/nvd-CVE-2026-7446/ Shimi's Cyber World en 2026-04-30T03:16:23+03:00 CVE-2026-7446: VetCoders mcp-server-semgrep OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7445/ Shimi's Cyber World en 2026-04-30T03:16:23+03:00 CVE-2026-7445 — ZachHandley ZMCPTools Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7443/ Shimi's Cyber World en 2026-04-30T02:16:20+03:00 CVE-2026-7443: BurtTheCoder mcp-dnstwist OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7420/ Shimi's Cyber World en 2026-04-30T02:16:20+03:00 CVE-2026-7420: UTT HiPER 1250GW Buffer Overflow Exploitable Remotelyvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7419/ Shimi's Cyber World en 2026-04-30T02:16:20+03:00 UTT HiPER 1250GW CVE-2026-7419: Remote Buffer Overflow Exploitablevulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/official-sap-npm-packages-compromised-to-steal-credentials-uiepq/ Shimi's Cyber World en 2026-04-30T01:43:44+03:00 SAP npm Packages Compromised in Supply-Chain Attackthreat-intel, data-breach, malware, identity https://shimiscyberworld.com/posts/house-approves-spy-program-on-second-attempt-senate-fate-mu-3dg2q/ Shimi's Cyber World en 2026-04-30T01:41:00+03:00 House Renews Section 702 FISA, Senate Fate Uncertainthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7418/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 UTT HiPER 1250GW: High-Severity Buffer Overflow (CVE-2026-7418)vulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7417/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 Algovate xhs-mcp SSRF Vulnerability (CVE-2026-7417) Publicly Disclosedvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7416/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 PolarVista xcode-mcp-server Suffers High-Severity OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7410/ Shimi's Cyber World en 2026-04-30T01:16:22+03:00 CVE-2026-7410 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7409/ Shimi's Cyber World en 2026-04-30T01:16:21+03:00 CVE-2026-7409 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7408/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7408 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7407/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7407 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7404/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7404: mcpo-simple-server Vulnerability Exposes Data via Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22, cwe-23 https://shimiscyberworld.com/posts/nvd-CVE-2026-7403/ Shimi's Cyber World en 2026-04-30T00:16:22+03:00 CVE-2026-7403 — Geldata Gel-Mcp Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-1858/ Shimi's Cyber World en 2026-04-30T00:16:20+03:00 CVE-2026-1858 — wget2 accepts a server certificate with incorrect Key Usagevulnerability, cve, medium-severity, cwe-20 https://shimiscyberworld.com/posts/researchers-built-a-chatbot-that-only-knows-the-world-before-cchcy/ Shimi's Cyber World en 2026-04-29T23:58:30+03:00 Researchers Build LLM Limited to Pre-1931 Knowledge for Bias Studymalware, threat-intel, ransomware, data-breach, cloud, identity, ai-security, tools https://shimiscyberworld.com/posts/us-china-partner-on-scam-center-takedown-in-dubai-17mq8/ Shimi's Cyber World en 2026-04-29T23:51:00+03:00 US, China Partner on Dubai Scam Center Takedownthreat-intel, data-breach, government https://shimiscyberworld.com/posts/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cry-1kr1n/ Shimi's Cyber World en 2026-04-29T23:50:35+03:00 Qinglong Task Scheduler Exploited for Cryptomining via RCE Flawsthreat-intel, data-breach, malware, vulnerability, cloud, identity, tools, bleepingcomputer https://shimiscyberworld.com/posts/nvd-CVE-2026-7426/ Shimi's Cyber World en 2026-04-29T23:16:32+03:00 CVE-2026-7426: FreeRTOS-Plus-TCP IPv6 RA Heap Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34965/ Shimi's Cyber World en 2026-04-29T23:16:29+03:00 CVE-2026-34965: Cockpit CMS RCE via PHP Code Injectionvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2018-25318/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25318: Tenda Router Vulnerability Allows DNS Hijackingvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2018-25317/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 Tenda Routers: CVE-2018-25317 Allows Unauthenticated DNS Hijackingvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2018-25316/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25316: Tenda Router Flaw Exposes DNS Hijacking Riskvulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2018-25315/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25315: Alloksoft Video Joiner Buffer Overflow Allows Code Executionvulnerability, cve, high-severity, code-execution, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25314/ Shimi's Cyber World en 2026-04-29T23:16:27+03:00 CVE-2018-25314: Alloksoft WMV Converter Buffer Overflow Allows Local Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25308/ Shimi's Cyber World en 2026-04-29T23:16:26+03:00 BuddyPress RCE: Authenticated Users Can Delete Arbitrary Filesvulnerability, cve, high-severity, remote-code-execution, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2018-25307/ Shimi's Cyber World en 2026-04-29T23:16:26+03:00 SysGauge Pro 4.6.12 Vulnerability Allows Local Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25304/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 Free Download Manager CVE-2018-25304: Local Buffer Overflow Allows Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25303/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25303: Allok Video to DVD Burner Stack Overflowvulnerability, cve, high-severity, code-execution, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2018-25302/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25302: Allok AVI to DVD Converter Buffer Overflowvulnerability, cve, high-severity, code-execution, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25301/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25301: Easy MPEG to DVD Burner Local Buffer Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2018-25300/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25300: XATABoost CMS SQL Injection Allows Unauthenticated Data Extractionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2018-25299/ Shimi's Cyber World en 2026-04-29T23:16:25+03:00 CVE-2018-25299: Prime95 Local Buffer Overflow Allows Arbitrary Code Executionvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/reverse-engineering-with-ai-unearths-high-severity-github-bu-htoqy/ Shimi's Cyber World en 2026-04-29T23:08:17+03:00 AI Reverse Engineering Unearths High-Severity GitHub Bugthreat-intel, tools, vulnerability https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-29T23:00:00+03:00 Daily Security Digest — 2026-04-29daily-digest, vulnerability, cve, high-severity, cwe-862, improper-access-control, cwe-266, cwe-269, cwe-284, cwe-59 https://shimiscyberworld.com/posts/ai-finds-38-security-flaws-in-electronic-health-record-platf-g54ev/ Shimi's Cyber World en 2026-04-29T22:32:42+03:00 AI Spots 38 Critical Flaws in OpenEMR Healthcare Platformthreat-intel, tools, cloud https://shimiscyberworld.com/posts/nvd-CVE-2026-7466/ Shimi's Cyber World en 2026-04-29T22:16:27+03:00 AgentFlow RCE Vulnerability (CVE-2026-7466) Allows Local Code Executionvulnerability, cve, high-severity, code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7439/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7439 — AgentFlow's local web API accepts non-JSON content types onvulnerability, cve, medium-severity, cwe-346 https://shimiscyberworld.com/posts/nvd-CVE-2026-7424/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7424: FreeRTOS-Plus-TCP DHCPv6 Vulnerability Leads to DoSvulnerability, cve, high-severity, denial-of-service, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-7423/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7423 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-7422/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7422 — Insufficient packet validation in FreeRTOS-Plus-TCP beforevulnerability, cve, medium-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2026-7398/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7398: Path Traversal in BioinfoMCP Upload Endpointvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7397/ Shimi's Cyber World en 2026-04-29T22:16:26+03:00 CVE-2026-7397 — NousResearch Hermes-Agent Vulnerabilityvulnerability, cve, medium-severity, cwe-59, cwe-61 https://shimiscyberworld.com/posts/nvd-CVE-2026-41499/ Shimi's Cyber World en 2026-04-29T22:16:23+03:00 CVE-2026-41499 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-124, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-30893/ Shimi's Cyber World en 2026-04-29T22:16:23+03:00 Wazuh CVE-2026-30893: Critical Path Traversal to RCEvulnerability, cve, critical, high-severity, code-execution, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-28221/ Shimi's Cyber World en 2026-04-29T22:16:23+03:00 CVE-2026-28221 — Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-121, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-27105/ Shimi's Cyber World en 2026-04-29T22:16:22+03:00 CVE-2026-27105 — Arbitrary File Accessvulnerability, cve, medium-severity, arbitrary-file-access, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-26206/ Shimi's Cyber World en 2026-04-29T22:16:22+03:00 CVE-2026-26206 — Wazuh is a free and open source platform used for threatvulnerability, cve, medium-severity, cwe-307, cwe-362, cwe-367 https://shimiscyberworld.com/posts/nvd-CVE-2026-7396/ Shimi's Cyber World en 2026-04-29T21:16:05+03:00 CVE-2026-7396 — NousResearch Hermes-Agent Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7394/ Shimi's Cyber World en 2026-04-29T21:16:05+03:00 CVE-2026-7394 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-5712/ Shimi's Cyber World en 2026-04-29T21:16:05+03:00 IdentityIQ CVE-2026-5712: Authenticated Users Can Edit Rolesvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-26204/ Shimi's Cyber World en 2026-04-29T21:16:04+03:00 CVE-2026-26204 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-124, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-7393/ Shimi's Cyber World en 2026-04-29T20:16:42+03:00 CVE-2026-7393 — SourceCodester Pizzafy Ecommerce System Unrestricted File Uploadvulnerability, cve, medium-severity, unrestricted-file-upload, cwe-284, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-7392/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-7392 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7391/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-7391 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6915/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-6915 — An authorization flaw in the user management command couldvulnerability, cve, medium-severity, cwe-1284 https://shimiscyberworld.com/posts/nvd-CVE-2026-6914/ Shimi's Cyber World en 2026-04-29T20:16:41+03:00 CVE-2026-6914 — Computing the MD5 checksum of a malformed BSON object undervulnerability, cve, medium-severity, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-0206/ Shimi's Cyber World en 2026-04-29T20:16:40+03:00 CVE-2026-0206 — Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-0205/ Shimi's Cyber World en 2026-04-29T20:16:40+03:00 CVE-2026-0205 — SonicOS Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-35 https://shimiscyberworld.com/posts/nvd-CVE-2026-0204/ Shimi's Cyber World en 2026-04-29T20:16:40+03:00 SonicOS Access Control Bypass (CVE-2026-0204) Rated High Severityvulnerability, cve, high-severity, cwe-306, cwe-1390 https://shimiscyberworld.com/posts/sap-npm-packages-compromised-by-mini-shai-hulud-credential-4sc03/ Shimi's Cyber World en 2026-04-29T19:26:00+03:00 SAP npm Packages Compromised by "Mini Shai-Hulud" Credential Stealing Malwarethreat-intel, vulnerability, malware, cloud, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-7389/ Shimi's Cyber World en 2026-04-29T19:16:29+03:00 CVE-2026-7389: EyouCMS SQL Injection Vulnerability Exposedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7388/ Shimi's Cyber World en 2026-04-29T19:16:29+03:00 CVE-2026-7388 — A weakness has been identified in EyouCMS up to 1.7.9.vulnerability, cve, medium-severity, cwe-74, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7386/ Shimi's Cyber World en 2026-04-29T19:16:29+03:00 CVE-2026-7386: fatbobman mail-mcp-bridge Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-6849/ Shimi's Cyber World en 2026-04-29T19:16:28+03:00 Pardus OS My Computer Vulnerability Allows OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-5166/ Shimi's Cyber World en 2026-04-29T19:16:26+03:00 CVE-2026-5166: Critical Path Traversal in TUBITAK Pardus Software Centervulnerability, cve, critical, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-42198/ Shimi's Cyber World en 2026-04-29T19:16:25+03:00 pgjdbc Client-Side DoS: Malicious Servers Can Exhaust CPU via SCRAM-SHA-256vulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41940/ Shimi's Cyber World en 2026-04-29T19:16:25+03:00 cPanel & WHM Critical Authentication Bypass (CVE-2026-41940)vulnerability, cve, critical, high-severity, authentication-bypass, cwe-306 https://shimiscyberworld.com/posts/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug-hr31j/ Shimi's Cyber World en 2026-04-29T18:51:44+03:00 cPanel, WHM Emergency Patch Fixes Critical Auth Bypassthreat-intel, data-breach, malware, vulnerability, identity https://shimiscyberworld.com/posts/european-commission-accuses-meta-of-breaching-child-safety-r-ozmby/ Shimi's Cyber World en 2026-04-29T18:47:00+03:00 European Commission Accuses Meta of Child Safety Breaches Under DSAthreat-intel, data-breach, government https://shimiscyberworld.com/posts/vect-2-0-ransomware-acts-as-wiper-thanks-to-design-error-oj9u5/ Shimi's Cyber World en 2026-04-29T18:23:53+03:00 Vect 2.0 Ransomware Acts as Wiper Due to Design Errorthreat-intel, tools, malware, ransomware https://shimiscyberworld.com/posts/nvd-CVE-2026-7384/ Shimi's Cyber World en 2026-04-29T18:16:11+03:00 CVE-2026-7384 — Ezequiroga Mcp-Bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea3 Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-5161/ Shimi's Cyber World en 2026-04-29T18:16:08+03:00 CVE-2026-5161: Pardus About Suffers High-Severity Symlink Vulnerabilityvulnerability, cve, high-severity, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-5141/ Shimi's Cyber World en 2026-04-29T18:16:07+03:00 CVE-2026-5141: Pardus Software Center Vulnerability Allows Privileged Process Hijackingvulnerability, cve, high-severity, improper-access-control, cwe-266, cwe-269, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-41952/ Shimi's Cyber World en 2026-04-29T18:16:06+03:00 Acronis DLP and Cyber Protect Agent Vulnerable to Privilege Escalation (CVE-2026-41952)vulnerability, cve, high-severity, privilege-escalation, cwe-123 https://shimiscyberworld.com/posts/nvd-CVE-2026-41220/ Shimi's Cyber World en 2026-04-29T18:16:05+03:00 Acronis DLP, Cyber Protect Agent Vulnerable to Local Privilege Escalation (CVE-2026-41220)vulnerability, cve, high-severity, privilege-escalation, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-25852/ Shimi's Cyber World en 2026-04-29T18:16:05+03:00 CVE-2026-25852 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-427 https://shimiscyberworld.com/posts/new-wave-of-dprk-attacks-uses-ai-inserted-npm-malware-fake-ian3i/ Shimi's Cyber World en 2026-04-29T17:43:00+03:00 DPRK Uses AI-Inserted npm Malware, Targeting Developersthreat-intel, vulnerability, malware, ai-security https://shimiscyberworld.com/posts/swiss-police-arrest-10-suspected-members-of-nigeria-linked-c-2qt9f/ Shimi's Cyber World en 2026-04-29T17:15:00+03:00 Black Axe: Swiss Police Arrest 10 Suspected Membersthreat-intel, data-breach, government https://shimiscyberworld.com/posts/learning-from-the-vercel-breach-shadow-ai-oauth-sprawl-3uywm/ Shimi's Cyber World en 2026-04-29T16:05:14+03:00 Vercel Breach Highlights OAuth App Risks and Shadow AI Threatsthreat-intel, data-breach, malware, identity https://shimiscyberworld.com/posts/lotus-wiper-attack-targeted-venezuelan-energy-firms-utiliti-hhfv0/ Shimi's Cyber World en 2026-04-29T16:00:00+03:00 Lotus Wiper Targets Venezuelan Energy, Utilities with Sophisticated LotLthreat-intel, tools, malware https://shimiscyberworld.com/posts/github-fixes-rce-flaw-that-gave-access-to-millions-of-privat-xvj23/ Shimi's Cyber World en 2026-04-29T15:41:17+03:00 GitHub RCE Flaw Could Have Exposed Millions of Private Repositoriesthreat-intel, data-breach, malware, vulnerability, tools https://shimiscyberworld.com/posts/webinar-how-to-automate-exposure-validation-to-match-the-sp-ynxh4/ Shimi's Cyber World en 2026-04-29T15:02:00+03:00 AI Automates Attacks: Autonomous Agents Target Active Directory in Minutesthreat-intel, vulnerability, microsoft, identity, phishing https://shimiscyberworld.com/posts/incd-alert_1992/ Shimi's Cyber World en 2026-04-29T15:00:00+03:00 Unidentified RMM Tool Exploited in Active Attacks Against Israeli Organizationsincd, israel, advisory, alert https://shimiscyberworld.com/posts/what-to-look-for-in-an-exposure-management-platform-and-wha-zhxzs/ Shimi's Cyber World en 2026-04-29T14:30:00+03:00 Exposure Management Platforms Fall Short: Context is Key, Not Just Countsthreat-intel, vulnerability https://shimiscyberworld.com/posts/cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day-47f0x/ Shimi's Cyber World en 2026-04-29T13:29:31+03:00 CISA Mandates Urgent Patching for Windows Zero-Day Exploited in Attacksthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/critical-cpanel-authentication-vulnerability-identified-up-10tps/ Shimi's Cyber World en 2026-04-29T12:37:00+03:00 Critical cPanel Authentication Flaw Exposes Serversthreat-intel, vulnerability, identity, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-4019/ Shimi's Cyber World en 2026-04-29T12:16:25+03:00 CVE-2026-4019 — The Complianz – GDPR/CCPA Cookie Consent plugin forvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42412/ Shimi's Cyber World en 2026-04-29T12:16:24+03:00 CVE-2026-42412 — WeDevs WP User Frontend Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2025-10503/ Shimi's Cyber World en 2026-04-29T12:16:23+03:00 CVE-2025-10503 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42377/ Shimi's Cyber World en 2026-04-29T11:16:18+03:00 SureForms Pro Vulnerability CVE-2026-42377 Exposes Access Control Flawsvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/telegram-1427288221-8849/ Shimi's Cyber World en 2026-04-29T10:02:16+03:00 Cyber News - Erez Dasa: Unattributed Foreign Login Triggered Investigationisrael, cybersafe https://shimiscyberworld.com/posts/telegram-1427288221-8847/ Shimi's Cyber World en 2026-04-29T09:02:28+03:00 Vect Ransomware: Bug Turns Encryption into Irreversible Data Wiperisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-35155/ Shimi's Cyber World en 2026-04-29T08:16:04+03:00 Dell iDRAC10 Vulnerability: Low-Privilege Race Condition Grants High Accessvulnerability, cve, high-severity, race-condition, cwe-522 https://shimiscyberworld.com/posts/nvd-CVE-2026-42615/ Shimi's Cyber World en 2026-04-29T07:16:41+03:00 GCHQ CyberChef XSS Vulnerability (CVE-2026-42615) Identifiedvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-23773/ Shimi's Cyber World en 2026-04-29T07:16:40+03:00 CVE-2026-23773 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42167/ Shimi's Cyber World en 2026-04-29T02:16:20+03:00 CVE-2026-42167: ProFTPD mod_sql RCE Via Log Expansionvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7319/ Shimi's Cyber World en 2026-04-29T01:16:52+03:00 CVE-2026-7319: Path Traversal in elinsky execution-system-mcp Poses Remote Riskvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7318/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7318 — Elie Mcp-Project Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7317/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7317 — Grav CMS Insecure Deserializationvulnerability, cve, medium-severity, insecure-deserialization, cwe-20, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-7316/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7316: Aider-mcp Command Injection Exposes AI Dev Workflowsvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7315/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7314/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Publicly Exploitedvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7306/ Shimi's Cyber World en 2026-04-29T01:16:51+03:00 CVE-2026-7306 — Xuxueli Xxl-Job Vulnerabilityvulnerability, cve, medium-severity, cwe-320, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2026-7305/ Shimi's Cyber World en 2026-04-29T01:16:50+03:00 CVE-2026-7305 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41649/ Shimi's Cyber World en 2026-04-29T01:16:49+03:00 Outline Insecure Direct Object Reference (CVE-2026-41649) Exposes Documentsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-33467/ Shimi's Cyber World en 2026-04-29T01:16:48+03:00 CVE-2026-33467 — Improper Verification of Cryptographic Signature (CWE-347)vulnerability, cve, medium-severity, cwe-347 https://shimiscyberworld.com/posts/spy-agency-officials-say-job-loss-anxiety-moving-fast-safe-x3o7u/ Shimi's Cyber World en 2026-04-29T00:43:20+03:00 NGA Grapples with AI Workforce Overhaul and Job Anxietythreat-intel, policy, government, microsoft, tools https://shimiscyberworld.com/posts/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw-kdccf/ Shimi's Cyber World en 2026-04-29T00:07:23+03:00 LiteLLM Pre-Auth SQLi Actively Exploited: CVE-2026-42208threat-intel, data-breach, malware, vulnerability, ai-security https://shimiscyberworld.com/posts/nsa-chief-during-snowden-affair-shares-regrets-reflections-pagdy/ Shimi's Cyber World en 2026-04-28T23:38:59+03:00 NSA Chief Reflects on Snowden Leaks: Lessons for CISOsthreat-intel, tools https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-28T23:00:00+03:00 Daily Security Digest — 2026-04-28daily-digest, vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-42431/ Shimi's Cyber World en 2026-04-28T22:37:47+03:00 CVE-2026-42431: OpenClaw Vulnerability Allows Persistent Browser Profile Mutationvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42426/ Shimi's Cyber World en 2026-04-28T22:37:46+03:00 OpenClaw CVE-2026-42426: Improper Authorization Allows Node Pairing Bypassvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42422/ Shimi's Cyber World en 2026-04-28T22:37:45+03:00 OpenClaw CVE-2026-42422: Role Bypass Allows Unapproved Token Mintingvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41914/ Shimi's Cyber World en 2026-04-28T22:37:45+03:00 OpenClaw QQ Bot SSRF Vulnerability Bypasses Protections (CVE-2026-41914)vulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41404/ Shimi's Cyber World en 2026-04-28T22:37:43+03:00 OpenClaw Privilege Escalation via Incomplete Scope Clearing (CVE-2026-41404)vulnerability, cve, high-severity, privilege-escalation, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41394/ Shimi's Cyber World en 2026-04-28T22:37:42+03:00 OpenClaw CVE-2026-41394: Authentication Bypass Grants Operator Write Scopesvulnerability, cve, high-severity, authentication-bypass, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41387/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 OpenClaw Incomplete Host Environment Sanitization Allows Package Overridesvulnerability, cve, high-severity, cwe-183 https://shimiscyberworld.com/posts/nvd-CVE-2026-41386/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 OpenClaw Privilege Escalation: Critical Flaw in Device Pairingvulnerability, cve, critical, high-severity, privilege-escalation, cwe-648 https://shimiscyberworld.com/posts/nvd-CVE-2026-41384/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 OpenClaw CLI Vulnerability Allows Code Execution via Environment Variable Injectionvulnerability, cve, high-severity, code-execution, cwe-15 https://shimiscyberworld.com/posts/nvd-CVE-2026-41383/ Shimi's Cyber World en 2026-04-28T22:37:41+03:00 CVE-2026-41383: OpenClaw Arbitrary Directory Deletion Flaw Exposes Remote Datavulnerability, cve, high-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41378/ Shimi's Cyber World en 2026-04-28T22:37:40+03:00 OpenClaw Privilege Escalation (CVE-2026-41378) Allows RCE via Paired Nodesvulnerability, cve, high-severity, remote-code-execution, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-3893/ Shimi's Cyber World en 2026-04-28T22:37:39+03:00 CVE-2026-3893: Carlson VASCO-B GNSS Receiver Lacks Authenticationvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-24222/ Shimi's Cyber World en 2026-04-28T22:36:45+03:00 NVIDIA NeMoClaw Vulnerability Exposes Host Environment Variablesvulnerability, cve, high-severity, information-disclosure, cwe-497 https://shimiscyberworld.com/posts/nvd-CVE-2026-24186/ Shimi's Cyber World en 2026-04-28T22:36:45+03:00 NVIDIA FLARE SDK Vulnerability: Untrusted Deserialization Leads to RCEvulnerability, cve, high-severity, code-execution, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-24178/ Shimi's Cyber World en 2026-04-28T22:36:45+03:00 NVIDIA NVFlare Dashboard: Critical Auth Bypass Puts Systems at Riskvulnerability, cve, critical, high-severity, code-execution, cwe-639 https://shimiscyberworld.com/posts/vidar-rises-to-top-of-chaotic-infostealer-market-emmj1/ Shimi's Cyber World en 2026-04-28T22:07:16+03:00 Vidar Infostealer Dominates Post-Takedown Market Vacuumthreat-intel, tools, malware https://shimiscyberworld.com/posts/telegram-1542954397-4548/ Shimi's Cyber World en 2026-04-28T21:03:18+03:00 XChat Lacks True E2E, Metadata Exposure Persists https://shimiscyberworld.com/posts/telegram-1427288221-8844/ Shimi's Cyber World en 2026-04-28T20:53:48+03:00 GitHub RCE Vulnerability Exposes Millions of Repositoriesisrael https://shimiscyberworld.com/posts/telegram-1427288221-8843/ Shimi's Cyber World en 2026-04-28T20:42:07+03:00 Ynet, Population Authority Project Pulled Over Data Exposure Flawisrael https://shimiscyberworld.com/posts/brazilian-lofygang-resurfaces-after-three-years-with-minecra-g3nbk/ Shimi's Cyber World en 2026-04-28T20:39:00+03:00 LofyGang Resurfaces, Targets Minecraft Players with LofyStealer Malwarethreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/cyber-command-nsa-chief-warns-foreign-adversaries-likely-to-2x8o0/ Shimi's Cyber World en 2026-04-28T20:26:00+03:00 Cyber Command Warns Foreign Adversaries Targeting Midterm Electionsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/video-site-vimeo-blames-security-incident-on-anodot-breach-jrutw/ Shimi's Cyber World en 2026-04-28T19:21:00+03:00 Vimeo Blames Anodot Breach for User Data Theft by ShinyHuntersthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2025-60887/ Shimi's Cyber World en 2026-04-28T19:16:05+03:00 CVE-2025-60887 — Cista Insecure Deserializationvulnerability, cve, medium-severity, insecure-deserialization https://shimiscyberworld.com/posts/nvd-CVE-2026-7321/ Shimi's Cyber World en 2026-04-28T18:16:37+03:00 Firefox ESR Sandbox Escape: Critical CVE-2026-7321 Demands Immediate Attentionvulnerability, cve, critical, high-severity, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7289/ Shimi's Cyber World en 2026-04-28T18:16:37+03:00 D-Link DIR-825M Buffer Overflow (CVE-2026-7289) Exposes Routersvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7288/ Shimi's Cyber World en 2026-04-28T18:16:37+03:00 D-Link DIR-825M Buffer Overflow (CVE-2026-7288) Publicly Disclosedvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7283/ Shimi's Cyber World en 2026-04-28T18:16:36+03:00 CVE-2026-7283 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7282/ Shimi's Cyber World en 2026-04-28T18:16:36+03:00 CVE-2026-7282 — SourceCodester Pharmacy Sales And Inventory System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-40968/ Shimi's Cyber World en 2026-04-28T18:16:30+03:00 CVE-2026-40968 — When an authenticated user is denied access to a gRPCvulnerability, cve, medium-severity, cwe-653 https://shimiscyberworld.com/posts/nvd-CVE-2026-27760/ Shimi's Cyber World en 2026-04-28T18:16:26+03:00 OpenCATS Installer Vulnerability Allows Unauthenticated PHP Code Injectionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/ukrainian-police-detain-hackers-suspected-of-stealing-thousa-qj6eq/ Shimi's Cyber World en 2026-04-28T17:57:00+03:00 Ukraine Police Arrest Hackers Targeting Thousands of Roblox Accountsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-7272/ Shimi's Cyber World en 2026-04-28T17:16:14+03:00 CVE-2026-7272: WilliamCloudQi matlab-mcp-server Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-5944/ Shimi's Cyber World en 2026-04-28T17:16:13+03:00 CVE-2026-5944: Cisco Intersight Connector Exposes Nutanix Prism Central APIvulnerability, cve, high-severity, improper-access-control, cwe-306, cwe-862 https://shimiscyberworld.com/posts/vect-2-0-ransomware-irreversibly-destroys-files-over-131kb-o-v382i/ Shimi's Cyber World en 2026-04-28T17:01:00+03:00 VECT 2.0 Ransomware: Wiper-Like Flaw Irreversibly Destroys Filesthreat-intel, vulnerability, malware, ransomware, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-7309/ Shimi's Cyber World en 2026-04-28T16:19:24+03:00 CVE-2026-7309 — The OpenShift Container Platform Build System Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-426 https://shimiscyberworld.com/posts/nvd-CVE-2026-7271/ Shimi's Cyber World en 2026-04-28T16:19:24+03:00 CVE-2026-7271 — DV0x Creative-Ad-Agent Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7268/ Shimi's Cyber World en 2026-04-28T15:16:02+03:00 CVE-2026-7268 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7267/ Shimi's Cyber World en 2026-04-28T15:16:02+03:00 CVE-2026-7267 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7266/ Shimi's Cyber World en 2026-04-28T15:16:02+03:00 CVE-2026-7266 — SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/cisa-kev-CVE-2024-1708/ Shimi's Cyber World en 2026-04-28T15:00:00+03:00 CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/why-secure-data-movement-is-the-zero-trust-bottleneck-nobody-rls1b/ Shimi's Cyber World en 2026-04-28T14:58:00+03:00 Secure Data Movement is Zero Trust's Unseen Bottleneckthreat-intel, vulnerability https://shimiscyberworld.com/posts/telegram-1427288221-8842/ Shimi's Cyber World en 2026-04-28T14:56:31+03:00 AI Agents Claude, Cursor, Codex Weaponize Text Filesisrael https://shimiscyberworld.com/posts/critical-unpatched-flaw-leaves-hugging-face-lerobot-open-to-84lys/ Shimi's Cyber World en 2026-04-28T14:18:00+03:00 Hugging Face LeRobot RCE: Unauthenticated Deserialization Flawthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/after-mythos-new-playbooks-for-a-zero-window-era-tyb2q/ Shimi's Cyber World en 2026-04-28T13:30:00+03:00 AI Accelerates Exploit Windows, Demanding Faster Defensethreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-7280/ Shimi's Cyber World en 2026-04-28T13:16:04+03:00 CVE-2026-7280 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-428 https://shimiscyberworld.com/posts/nvd-CVE-2026-7279/ Shimi's Cyber World en 2026-04-28T13:16:04+03:00 AVACAST DLL Hijacking (CVE-2026-7279) Allows System Code Executionvulnerability, cve, high-severity, code-execution, cwe-427 https://shimiscyberworld.com/posts/nvd-CVE-2026-7264/ Shimi's Cyber World en 2026-04-28T13:16:03+03:00 CVE-2026-7264 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7248/ Shimi's Cyber World en 2026-04-28T12:16:18+03:00 D-Link DI-8100 Critical Buffer Overflow Vulnerability (CVE-2026-7248)vulnerability, cve, critical, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7247/ Shimi's Cyber World en 2026-04-28T12:16:18+03:00 D-Link DI-8100 Buffer Overflow: CVE-2026-7247 Exposes Remote Exploitation Riskvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7244/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 CVE-2026-7244: Critical Command Injection Flaw in Totolink Routervulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7243/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 Totolink RCE: CVE-2026-7243 Exposes Routers to Critical Command Injectionvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7242/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 CVE-2026-7242: Critical Command Injection in Totolink A8000RUvulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7241/ Shimi's Cyber World en 2026-04-28T12:16:17+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7241)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-40980/ Shimi's Cyber World en 2026-04-28T12:16:16+03:00 CVE-2026-40980 — In Spring AI, a malicious PDF file can be crafted thatvulnerability, cve, medium-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-40979/ Shimi's Cyber World en 2026-04-28T12:16:16+03:00 CVE-2026-40979 — In Spring AI, having access to a shared environment canvulnerability, cve, medium-severity, cwe-377 https://shimiscyberworld.com/posts/nvd-CVE-2026-40978/ Shimi's Cyber World en 2026-04-28T12:16:16+03:00 Spring AI CosmosDBVectorStore Vulnerable to SQL Injection (CVE-2026-40978)vulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/telegram-1427288221-8841/ Shimi's Cyber World en 2026-04-28T12:15:54+03:00 Robinhood Registration Form Abused for Official-Looking Phishingisrael https://shimiscyberworld.com/posts/microsoft-asks-iphone-users-to-reauthenticate-after-outlook-1skep/ Shimi's Cyber World en 2026-04-28T11:37:12+03:00 Microsoft Outlook Outage Forces iPhone Users to Re-Authenticatethreat-intel, data-breach, malware, microsoft, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-7240/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7240)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7238/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 CVE-2026-7238 — Code-Projects Online Music Site Unrestricted File Uploadvulnerability, cve, medium-severity, unrestricted-file-upload, cwe-284, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-7237/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 CVE-2026-7237: AgiFlow Path Traversal Puts Files at Riskvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7235/ Shimi's Cyber World en 2026-04-28T11:16:02+03:00 CVE-2026-7235 — ErlichLiu Claude-Agent-Sdk-Master Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-4911/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-4911 — The Booking Package plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-472 https://shimiscyberworld.com/posts/nvd-CVE-2026-4805/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-4805 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41526/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-41526 — In KDE KCoreAddons before 6.25, KShell::quoteArgs isvulnerability, cve, medium-severity, cwe-150 https://shimiscyberworld.com/posts/nvd-CVE-2026-41525/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-41525 — KDE Dolphin before 25.12.3 allows applications in a Flatpakvulnerability, cve, medium-severity, cwe-669 https://shimiscyberworld.com/posts/nvd-CVE-2026-40966/ Shimi's Cyber World en 2026-04-28T11:16:01+03:00 CVE-2026-40966 — In Spring AI, an attacker can bypass conversation isolationvulnerability, cve, medium-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-7234/ Shimi's Cyber World en 2026-04-28T10:16:04+03:00 CVE-2026-7234: Path Traversal Flaw in BrowserOperator Core Exposes Usersvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7230/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 CVE-2026-7230 — SourceCodester Safety Anger Pad Vulnerabilityvulnerability, cve, medium-severity, cwe-79, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-7229/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 CVE-2026-7229 — Code-Projects Coaching Management System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-40967/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 Spring AI Vulnerability (CVE-2026-40967) Allows Query Alterationvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-40356/ Shimi's Cyber World en 2026-04-28T10:16:03+03:00 CVE-2026-40356 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-191 https://shimiscyberworld.com/posts/telegram-1707304340-2297/ Shimi's Cyber World en 2026-04-28T09:59:34+03:00 Google Reports 32% Surge in Prompt Injection Attacksisrael, ai-security https://shimiscyberworld.com/posts/microsoft-patches-entra-id-role-flaw-that-enabled-service-pr-5lakt/ Shimi's Cyber World en 2026-04-28T09:37:00+03:00 Microsoft Entra ID Agent Role Flaw Enabled Service Principal Takeoverthreat-intel, vulnerability, microsoft, identity, ai-security https://shimiscyberworld.com/posts/medtronic-hack-confirmed-after-shinyhunters-threatens-data-l-gtyoc/ Shimi's Cyber World en 2026-04-28T09:35:19+03:00 Medtronic Confirms Breach After ShinyHunters Data Leak Threatthreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/nvd-CVE-2026-7228/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7228: SourceCodester Pizzafy SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7227/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7227: SourceCodester Pizzafy Ecommerce System SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7226/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7226: SQL Injection in SourceCodester Pizzafy Ecommerce Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7225/ Shimi's Cyber World en 2026-04-28T09:16:05+03:00 CVE-2026-7225: SourceCodester Pizzafy SQL Injection Vulnerabilityvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7224/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-7224: SQL Injection in SourceCodester Pizzafy Ecommerce Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6809/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-6809 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6725/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-6725 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6551/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-6551 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42510/ Shimi's Cyber World en 2026-04-28T09:16:04+03:00 CVE-2026-42510 — OpenStack Ironic through 25.0.0 allows ipmitool executionvulnerability, cve, medium-severity, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-40355/ Shimi's Cyber World en 2026-04-28T09:16:03+03:00 CVE-2026-40355 — Null Pointer Dereferencevulnerability, cve, medium-severity, null-pointer-dereference, cwe-476 https://shimiscyberworld.com/posts/microsoft-confirms-active-exploitation-of-windows-shell-cve-14h3k/ Shimi's Cyber World en 2026-04-28T08:50:00+03:00 Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202threat-intel, vulnerability, microsoft https://shimiscyberworld.com/posts/telegram-1427288221-8839/ Shimi's Cyber World en 2026-04-28T08:02:10+03:00 ShinyHunters Claims Vimeo Breach, Citing Anodot Compromiseisrael https://shimiscyberworld.com/posts/telegram-1427288221-8838/ Shimi's Cyber World en 2026-04-28T07:55:28+03:00 RansomHouse Claims CyberSecurity Vendor with Billions in Revenueisrael, ransomware https://shimiscyberworld.com/posts/telegram-1707304340-2296/ Shimi's Cyber World en 2026-04-28T07:41:31+03:00 HAFNIUM Hacker Extradited to US for Microsoft Exchange Attacks, COVID-19 Espionageisrael, microsoft, threat-intel https://shimiscyberworld.com/posts/nvd-CVE-2026-7223/ Shimi's Cyber World en 2026-04-28T07:16:29+03:00 CVE-2026-7223: BigSweetPotatoStudio HyperChat SSRF Vulnerabilityvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7221/ Shimi's Cyber World en 2026-04-28T07:16:26+03:00 TencentCloudBase CloudBase-MCP SSRF Vulnerability (CVE-2026-7221)vulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7220/ Shimi's Cyber World en 2026-04-28T07:16:26+03:00 CVE-2026-7220: FastlyMCP Command Injection Exposes Infrastructurevulnerability, cve, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7219/ Shimi's Cyber World en 2026-04-28T07:16:23+03:00 Totolink N300RT: High-Severity Buffer Overflow Vulnerability (CVE-2026-7219)vulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7218/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 CVE-2026-7218: Totolink N300RT Buffer Overflow Exploited Remotelyvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7217/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 CVE-2026-7217 — Deepractice PromptX Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22, cwe-36 https://shimiscyberworld.com/posts/nvd-CVE-2026-7216/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 CVE-2026-7216: donchelo processing-claude-mcp-bridge Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7215/ Shimi's Cyber World en 2026-04-28T06:16:04+03:00 egtai gmx-vmd-mcp Vulnerability: Remote Command Injection (CVE-2026-7215)vulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-1460/ Shimi's Cyber World en 2026-04-28T06:16:02+03:00 CVE-2026-1460: Zyxel Routers Vulnerable to Admin Command Injectionvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-0711/ Shimi's Cyber World en 2026-04-28T06:16:02+03:00 CVE-2026-0711 — The EasyMesh-Related APIs Of Zyxel DX3300-T0 Firmware Versio Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7214/ Shimi's Cyber World en 2026-04-28T05:16:08+03:00 CVE-2026-7214: eghuzefa engineer-your-data Path Traversal Vulnerability (High Severity)vulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7213/ Shimi's Cyber World en 2026-04-28T05:16:08+03:00 ef10007 MLOps_MCP Path Traversal (CVE-2026-7213) Publicly Exploitablevulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7212/ Shimi's Cyber World en 2026-04-28T05:16:08+03:00 CVE-2026-7212: edvardlindelof notes-mcp Path Traversal Vulnerabilityvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7211/ Shimi's Cyber World en 2026-04-28T04:16:02+03:00 CVE-2026-7211: dvladimirov MCP Command Injection Vulnerabilityvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-7206/ Shimi's Cyber World en 2026-04-28T04:16:02+03:00 CVE-2026-7206: sqlite-mcp SQL Injection Vulnerability Exposedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-7205/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 CVE-2026-7205: High-Severity Path Traversal in duartium papers-mcp-servervulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-7204/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 Totolink A8000RU Critical Command Injection (CVE-2026-7204)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7203/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7203)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7202/ Shimi's Cyber World en 2026-04-28T04:16:01+03:00 Totolink A8000RU Critical OS Command Injection (CVE-2026-7202)vulnerability, cve, critical, high-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-32649/ Shimi's Cyber World en 2026-04-28T04:16:00+03:00 CVE-2026-32649 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-32644/ Shimi's Cyber World en 2026-04-28T04:16:00+03:00 Milesight AIOT Cameras Critical Vulnerability: Default SSL Keys Exposedvulnerability, cve, critical, high-severity, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2026-20766/ Shimi's Cyber World en 2026-04-28T04:16:00+03:00 Milesight AIOT Cameras Vulnerable to Out-of-Bounds Memory Access (CVE-2026-20766)vulnerability, cve, high-severity, cwe-122