https://shimiscyberworld.com/posts/telegram-1427288221-8933/ Shimi's Cyber World en 2026-05-16T23:22:12+03:00 Pwn2Own Berlin 2026 Concludes: 47 Zero-Days, $1.3 Million Awardedisrael, vulnerability https://shimiscyberworld.com/posts/telegram-1427288221-8932/ Shimi's Cyber World en 2026-05-16T23:19:26+03:00 node-ipc Supply Chain Attack: Malicious Code Steals Passwordsisrael, telegram https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-16T23:00:00+03:00 Daily Security Digest — 2026-05-16daily-digest, vulnerability, cve, critical, high-severity, cwe-307, code-execution, cwe-415, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/telegram-1542954397-4591/ Shimi's Cyber World en 2026-05-16T20:15:07+03:00 Microsoft Windows LPE: Nightmare Eclipse Resurfaces Old CVE-2020-17103 Flawvulnerability, microsoft, threat-intel https://shimiscyberworld.com/posts/nvd-CVE-2021-47979/ Shimi's Cyber World en 2026-05-16T19:16:23+03:00 WordPress Plugin Backup and Restore: Arbitrary File Deletion Exposes Installationsvulnerability, cve, high-severity, arbitrary-file-access, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2021-47976/ Shimi's Cyber World en 2026-05-16T19:16:23+03:00 TextPattern CMS RCE via Plugin Upload (CVE-2021-47976)vulnerability, cve, high-severity, remote-code-execution, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2021-47956/ Shimi's Cyber World en 2026-05-16T19:16:21+03:00 EgavilanMedia PHPCRUD SQLi Exposes Unauthenticated Data Accessvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47954/ Shimi's Cyber World en 2026-05-16T19:16:21+03:00 CVE-2021-47954: Unauthenticated SQLi in LayerBB 1.1.4vulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47952/ Shimi's Cyber World en 2026-05-16T19:16:21+03:00 python jsonpickle RCE (CVE-2021-47952) Exploits Malicious JSON Payloadsvulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2020-37244/ Shimi's Cyber World en 2026-05-16T19:16:20+03:00 CVE-2020-37244: Supsystic Membership SQLi Puts User Data at Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2020-37243/ Shimi's Cyber World en 2026-05-16T19:16:20+03:00 Supsystic Pricing Table SQLi & XSS: Unauthenticated RCE Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2020-37242/ Shimi's Cyber World en 2026-05-16T19:16:20+03:00 Supsystic Ultimate Maps SQLi: Unauthenticated RCE Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2020-37239/ Shimi's Cyber World en 2026-05-16T19:16:20+03:00 CVE-2020-37239: libbabl Double Free Bypasses Memory Safetyvulnerability, cve, critical, high-severity, code-execution, cwe-415 https://shimiscyberworld.com/posts/nvd-CVE-2020-37232/ Shimi's Cyber World en 2026-05-16T19:16:19+03:00 Advanced SystemCare Service Vulnerability: Local Privilege Escalationvulnerability, cve, high-severity, cwe-428 https://shimiscyberworld.com/posts/nvd-CVE-2020-37231/ Shimi's Cyber World en 2026-05-16T19:16:19+03:00 Privacy Drive 3.17.0 Unquoted Path Leads to Local Privilege Escalationvulnerability, cve, high-severity, cwe-428 https://shimiscyberworld.com/posts/nvd-CVE-2020-37230/ Shimi's Cyber World en 2026-05-16T19:16:18+03:00 Syncplify.me Server! CVE-2020-37230: Local Privilege Escalationvulnerability, cve, high-severity, cwe-428 https://shimiscyberworld.com/posts/nvd-CVE-2020-37229/ Shimi's Cyber World en 2026-05-16T19:16:18+03:00 OKI sPSV Port Manager: Local Privilege Escalation via Unquoted Pathvulnerability, cve, high-severity, cwe-428 https://shimiscyberworld.com/posts/nvd-CVE-2020-37228/ Shimi's Cyber World en 2026-05-16T19:16:18+03:00 CVE-2020-37228: iDS6 DSSPro Digital Signage CAPTCHA Bypassvulnerability, cve, critical, high-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2020-37227/ Shimi's Cyber World en 2026-05-16T19:16:17+03:00 CVE-2020-37227: HS Brand Logo Slider Unrestricted File Upload Leads to RCEvulnerability, cve, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2025-4202/ Shimi's Cyber World en 2026-05-16T16:16:16+03:00 CVE-2025-4202 — The Multicollab: Content Team Collaboration and Editorialvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/telegram-1542954397-4590/ Shimi's Cyber World en 2026-05-16T15:04:42+03:00 Foxconn North America Confirms Cyberattack by Nitrogen Ransomware https://shimiscyberworld.com/posts/poc-code-published-for-critical-nginx-vulnerability-d938d/ Shimi's Cyber World en 2026-05-16T13:02:00+03:00 Critical NGINX Vulnerability: PoC Code Publicly Releasedthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-8657/ Shimi's Cyber World en 2026-05-16T09:16:18+03:00 CVE-2026-8657: jsondiffpatch Prototype Pollution Poses High Riskvulnerability, cve, high-severity, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-8656/ Shimi's Cyber World en 2026-05-16T09:16:18+03:00 CVE-2026-8656 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-8681/ Shimi's Cyber World en 2026-05-16T06:16:21+03:00 CVE-2026-8681 — The Essential Chat Support plugin for WordPress isvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-45665/ Shimi's Cyber World en 2026-05-16T01:16:55+03:00 Open WebUI XSS Allows Privilege Escalation to Super Adminvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-45351/ Shimi's Cyber World en 2026-05-16T01:16:55+03:00 CVE-2026-45351 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-45350/ Shimi's Cyber World en 2026-05-16T01:16:55+03:00 CVE-2026-45350: Open WebUI API Flaw Exposes Tools to Unauthorized Accessvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-45345/ Shimi's Cyber World en 2026-05-16T01:16:54+03:00 CVE-2026-45345 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-45338/ Shimi's Cyber World en 2026-05-16T01:16:54+03:00 CVE-2026-45338: Open WebUI SSRF Vulnerability Exposes Internal Resourcesvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-45315/ Shimi's Cyber World en 2026-05-16T01:16:54+03:00 Open WebUI CVE-2026-45315: Polyglot Upload Enables XSSvulnerability, cve, high-severity, cwe-79, cwe-434, cwe-646 https://shimiscyberworld.com/posts/nvd-CVE-2026-45303/ Shimi's Cyber World en 2026-05-16T01:16:53+03:00 CVE-2026-45303: Open WebUI Vulnerability Allows Script Injectionvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-45301/ Shimi's Cyber World en 2026-05-16T01:16:53+03:00 Open WebUI Vulnerability Exposes All User Filesvulnerability, cve, high-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-44571/ Shimi's Cyber World en 2026-05-16T01:16:53+03:00 CVE-2026-44571 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44570/ Shimi's Cyber World en 2026-05-16T01:16:53+03:00 Open WebUI CVE-2026-44570: Inconsistent Auth Exposes User AI Memoriesvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44569/ Shimi's Cyber World en 2026-05-16T01:16:53+03:00 CVE-2026-44569: Open WebUI IDOR Exposes Offline AI Messagesvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44567/ Shimi's Cyber World en 2026-05-16T01:16:53+03:00 CVE-2026-44567: Open WebUI API Fails Role Validation, Allows Unauthorized Accessvulnerability, cve, high-severity, cwe-602, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-44566/ Shimi's Cyber World en 2026-05-16T01:16:52+03:00 Open WebUI Vulnerability Allows Arbitrary File Uploads via Path Traversalvulnerability, cve, high-severity, cwe-22, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-44565/ Shimi's Cyber World en 2026-05-16T01:16:52+03:00 Open WebUI Path Traversal (CVE-2026-44565) Allows Arbitrary File Uploadvulnerability, cve, high-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-44549/ Shimi's Cyber World en 2026-05-16T01:16:52+03:00 Open WebUI XSS Vulnerability Exposes Offline AI Platformsvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-8696/ Shimi's Cyber World en 2026-05-16T00:16:39+03:00 radare2 Use-After-Free (CVE-2026-8696) Risks Denial of Service, RCEvulnerability, cve, high-severity, use-after-free, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-45675/ Shimi's Cyber World en 2026-05-15T23:16:49+03:00 CVE-2026-45675: Open WebUI Vulnerable to Admin Role Race Conditionvulnerability, cve, high-severity, cwe-269, cwe-362 https://shimiscyberworld.com/posts/nvd-CVE-2026-45671/ Shimi's Cyber World en 2026-05-15T23:16:49+03:00 CVE-2026-45671: Open WebUI File Deletion Flaw Impacts Self-Hosted AIvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-45399/ Shimi's Cyber World en 2026-05-15T23:16:48+03:00 Open WebUI CVE-2026-45399: Low-Privilege Users Disrupt System-Wide AI Tasksvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-45349/ Shimi's Cyber World en 2026-05-15T23:16:48+03:00 Open WebUI Vulnerability Exposes User Chat Conversationsvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-45339/ Shimi's Cyber World en 2026-05-15T23:16:48+03:00 CVE-2026-45339 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-45331/ Shimi's Cyber World en 2026-05-15T23:16:48+03:00 CVE-2026-45331: Open WebUI Vulnerability Exposes Internal Networksvulnerability, cve, high-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-44562/ Shimi's Cyber World en 2026-05-15T23:16:47+03:00 CVE-2026-44562 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-283, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44560/ Shimi's Cyber World en 2026-05-15T23:16:47+03:00 CVE-2026-44560 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44558/ Shimi's Cyber World en 2026-05-15T23:16:47+03:00 CVE-2026-44558 — Open WebUI is a self-hosted artificial intelligencevulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44556/ Shimi's Cyber World en 2026-05-15T23:16:47+03:00 CVE-2026-44556: Open WebUI API Bypasses LLM Access Controlsvulnerability, cve, high-severity, cwe-284, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44555/ Shimi's Cyber World en 2026-05-15T23:16:46+03:00 CVE-2026-44555: Open WebUI Exposes Restricted AI Modelsvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44554/ Shimi's Cyber World en 2026-05-15T23:16:46+03:00 Open WebUI Vulnerability: Unauthorized Collection Deletion (CVE-2026-44554)vulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44553/ Shimi's Cyber World en 2026-05-15T23:16:46+03:00 Open WebUI Vulnerability: Revoked Admins Retain Accessvulnerability, cve, high-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-44552/ Shimi's Cyber World en 2026-05-15T23:16:46+03:00 Open WebUI Vulnerability: Redis Key Collision Exposes Multi-Instance Deploymentsvulnerability, cve, high-severity, cwe-668 https://shimiscyberworld.com/posts/nvd-CVE-2026-44551/ Shimi's Cyber World en 2026-05-15T23:16:46+03:00 CVE-2026-44551: Open WebUI LDAP Bypass via Empty Passwordvulnerability, cve, critical, high-severity, cwe-287 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-15T23:00:00+03:00 Daily Security Digest — 2026-05-15daily-digest, vulnerability, cve, high-severity, authentication-bypass, cwe-305, information-disclosure, cwe-352, cwe-862, cwe-367 https://shimiscyberworld.com/posts/more-than-10-million-stolen-from-crypto-platform-thorchain-cuypo/ Shimi's Cyber World en 2026-05-15T22:31:00+03:00 THORChain Suffers $10.7M Crypto Heist from Vault Compromisethreat-intel, data-breach, government https://shimiscyberworld.com/posts/funnel-builder-wordpress-plugin-bug-exploited-to-steal-credi-uvfof/ Shimi's Cyber World en 2026-05-15T22:30:33+03:00 Funnel Builder WordPress Plugin Exploited to Steal Credit Cardsthreat-intel, data-breach, malware, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-8686/ Shimi's Cyber World en 2026-05-15T22:17:05+03:00 coreMQTT CVE-2026-8686: DoS via Crafted MQTT v5.0 Packetvulnerability, cve, high-severity, denial-of-service, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-46408/ Shimi's Cyber World en 2026-05-15T22:17:04+03:00 Vvveb CMS Vulnerability (CVE-2026-46408) Allows Cart Hijackingvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-46407/ Shimi's Cyber World en 2026-05-15T22:17:04+03:00 Vvveb CMS API Token Disclosure (CVE-2026-46407) High Severityvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-46367/ Shimi's Cyber World en 2026-05-15T22:17:04+03:00 phpMyFAQ Stored XSS: Authenticated Users Can Steal Admin Sessionsvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-46366/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 phpMyFAQ Information Disclosure (CVE-2026-46366) Exposes Restricted Contentvulnerability, cve, high-severity, information-disclosure, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-46364/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 CVE-2026-46364: Critical SQL Injection in phpMyFAQ Unauthenticated API Accessvulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-46361/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 CVE-2026-46361 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-46359/ Shimi's Cyber World en 2026-05-15T22:17:03+03:00 CVE-2026-46359: phpMyFAQ SQL Injection via OAuth Token Claimsvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45010/ Shimi's Cyber World en 2026-05-15T22:17:01+03:00 CVE-2026-45010: phpMyFAQ 2FA Bypass Grants Admin Accessvulnerability, cve, critical, high-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-44826/ Shimi's Cyber World en 2026-05-15T22:17:00+03:00 Vvveb CMS CVE-2026-44826 Allows Negative Order Totals, Exposing Merchants to Financial Fraudvulnerability, cve, high-severity, cwe-1284 https://shimiscyberworld.com/posts/nvd-CVE-2021-47966/ Shimi's Cyber World en 2026-05-15T22:16:56+03:00 CVE-2021-47966: PHP Timeclock SQLi Exposes Employee Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2021-47965/ Shimi's Cyber World en 2026-05-15T22:16:56+03:00 WordPress Plugin WP Super Edit RCE via Unrestricted File Uploadvulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2021-47964/ Shimi's Cyber World en 2026-05-15T22:16:56+03:00 Schlix CMS RCE (CVE-2021-47964) Exposes Servers to Authenticated Attackersvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2021-47963/ Shimi's Cyber World en 2026-05-15T22:16:55+03:00 Anote 1.0 RCE via Persistent XSS (CVE-2021-47963)vulnerability, cve, high-severity, remote-code-execution, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2021-47959/ Shimi's Cyber World en 2026-05-15T22:16:55+03:00 WordPress WPGraphQL DoS: Unauthenticated Attackers Can Crash Serversvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-8695/ Shimi's Cyber World en 2026-05-15T20:16:49+03:00 CVE-2026-8695: radare2 Use-After-Free Allows Remote Code Executionvulnerability, cve, high-severity, code-execution, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-46383/ Shimi's Cyber World en 2026-05-15T20:16:49+03:00 CVE-2026-46383 — Microsoft APM is an open-source, community-drivenvulnerability, cve, medium-severity, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-45539/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 Microsoft APM Vulnerability CVE-2026-45539 Exposes AI Agent Filesvulnerability, cve, high-severity, cwe-59, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-45037/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 Tabby Terminal Vulnerability CVE-2026-45037 Allows OS Protocol Handler Hijackvulnerability, cve, high-severity, cwe-184, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-45036/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 CVE-2026-45036: Tabby Terminal ZMODEM Flaw Enables Code Executionvulnerability, cve, high-severity, code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-44717/ Shimi's Cyber World en 2026-05-15T20:16:48+03:00 CVE-2026-44717: Critical RCE in MCP Calculate Server Due to `eval()`vulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44714/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44714: bitcoinj Library Flaw Allows Arbitrary P2PKH/P2WPKH Spendsvulnerability, cve, high-severity, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-44641/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44641: Microsoft APM Plugin Path Traversal Vulnerabilityvulnerability, cve, high-severity, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-44310/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44310 — Gitsign is a keyless Sigstore to signing tool for Gitvulnerability, cve, medium-severity, cwe-129, cwe-390 https://shimiscyberworld.com/posts/nvd-CVE-2026-44309/ Shimi's Cyber World en 2026-05-15T20:16:47+03:00 CVE-2026-44309 — Gitsign is a keyless Sigstore to signing tool for Gitvulnerability, cve, medium-severity, cwe-295, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-42207/ Shimi's Cyber World en 2026-05-15T20:16:46+03:00 CVE-2026-42207 — Magento Long Term Support (LTS) is an unofficial,vulnerability, cve, medium-severity, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-41258/ Shimi's Cyber World en 2026-05-15T20:16:46+03:00 OpenMRS RCE: Critical Vulnerability Allows Unrestricted Java Reflectionvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-23695/ Shimi's Cyber World en 2026-05-15T20:16:45+03:00 CVE-2026-23695 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/popular-node-ipc-npm-package-compromised-to-steal-credential-x3md6/ Shimi's Cyber World en 2026-05-15T20:10:42+03:00 node-ipc npm Package Compromised to Steal Credentialsthreat-intel, data-breach, malware, identity https://shimiscyberworld.com/posts/turla-turns-kazuar-backdoor-into-modular-p2p-botnet-for-pers-tljha/ Shimi's Cyber World en 2026-05-15T20:10:25+03:00 Turla Transforms Kazuar Backdoor into Modular P2P Botnetthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-45736/ Shimi's Cyber World en 2026-05-15T18:16:54+03:00 CVE-2026-45736 — ws is an open source WebSocket client and server forvulnerability, cve, medium-severity, cwe-908 https://shimiscyberworld.com/posts/in-other-news-big-tech-vs-canada-encryption-bill-cisco-s-f-iomva/ Shimi's Cyber World en 2026-05-15T17:52:16+03:00 Nvidia, Android, Audi, Canvas: Security Week Highlights Key Flawsthreat-intel, vulnerability, data-breach, cloud, ai-security https://shimiscyberworld.com/posts/four-openclaw-flaws-enable-data-theft-privilege-escalation-a7v6t/ Shimi's Cyber World en 2026-05-15T16:35:04+03:00 OpenClaw Flaws Chained for Data Theft, Persistencethreat-intel, vulnerability, malware, cloud https://shimiscyberworld.com/posts/cisa-orders-all-federal-agencies-to-patch-exploited-bug-in-c-dxy9y/ Shimi's Cyber World en 2026-05-15T16:16:00+03:00 CISA Mandates Cisco SD-WAN Patch for Federal Agenciesthreat-intel, data-breach, government, vulnerability, identity, tools https://shimiscyberworld.com/posts/attackers-replaced-jdownloader-installer-downloads-with-malw-ne7yp/ Shimi's Cyber World en 2026-05-15T15:45:47+03:00 JDownloader Installer Compromised, Delivering Python RAT via Unpatched CMSmalware, threat-intel, ransomware, vulnerability, data-breach, microsoft, identity https://shimiscyberworld.com/posts/telegram-1427288221-8931/ Shimi's Cyber World en 2026-05-15T15:03:45+03:00 Robotic Lawn Mower Vulnerability: Remote Control Exposes Physical Riskisrael https://shimiscyberworld.com/posts/american-lending-center-data-breach-affects-123-000-individu-m967u/ Shimi's Cyber World en 2026-05-15T14:06:55+03:00 American Lending Center Data Breach Exposes 123,000 Individualsthreat-intel, vulnerability, malware, ransomware, data-breach https://shimiscyberworld.com/posts/what-45-days-of-watching-your-own-tools-will-tell-you-about-5do30/ Shimi's Cyber World en 2026-05-15T14:00:00+03:00 Trusted Tools: The Silent Threat in Your Attack Surfacethreat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-41971/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41971 — Permission control vulnerability in the security controlvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41970/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41970 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-41969/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41969 — Permission control vulnerability in the projection module.vulnerability, cve, medium-severity, cwe-275 https://shimiscyberworld.com/posts/nvd-CVE-2026-41968/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41968 — Permission control vulnerability in the manufacturabilityvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41967/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41967 — Permission control vulnerability in the manufacturabilityvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41966/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41966 — Permission control vulnerability in the smart sensingvulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41965/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41965 — Use-After-Freevulnerability, cve, medium-severity, use-after-free, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41964/ Shimi's Cyber World en 2026-05-15T13:16:35+03:00 CVE-2026-41964: High-Severity Web Permission Control Vulnerability Disclosedvulnerability, cve, high-severity, cwe-362 https://shimiscyberworld.com/posts/nvd-CVE-2026-41961/ Shimi's Cyber World en 2026-05-15T13:16:34+03:00 CVE-2026-41961 — Permission control vulnerability in contacts. Impact:vulnerability, cve, medium-severity, cwe-840 https://shimiscyberworld.com/posts/nvd-CVE-2026-41960/ Shimi's Cyber World en 2026-05-15T13:16:33+03:00 CVE-2026-41960 — Permission control vulnerability in calls. Impact:vulnerability, cve, medium-severity, cwe-200 https://shimiscyberworld.com/posts/gremlin-stealer-s-evolved-tactics-hiding-in-plain-sight-wit-271z9/ Shimi's Cyber World en 2026-05-15T13:00:52+03:00 Gremlin Stealer Evolves with Advanced Obfuscation, Crypto Clippingthreat-intel, apt, malware, research, unit-42 https://shimiscyberworld.com/posts/teampcp-ups-the-game-releases-shai-hulud-worm-s-source-code-cpe3q/ Shimi's Cyber World en 2026-05-15T12:47:09+03:00 TeamPCP Releases Shai-Hulud Worm Source Code, Incentivizes Supply Chain Attacksthreat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attac-obplf/ Shimi's Cyber World en 2026-05-15T12:40:42+03:00 Microsoft Exchange Zero-Day Exploited via XSS in Outlook on the webthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-8425/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-8425 — The Notify Odoo plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-8398/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-8398: DAEMON Tools Lite Supply Chain Compromisevulnerability, cve, critical, high-severity, cwe-506 https://shimiscyberworld.com/posts/nvd-CVE-2026-7563/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-7563 — The Classified Listing – AI-Powered Classified ads &vulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-7046/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-7046 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6415/ Shimi's Cyber World en 2026-05-15T12:16:17+03:00 CVE-2026-6415 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6403/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 WordPress Quick Playground Plugin Path Traversal (CVE-2026-6403)vulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-6228/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 CVE-2026-6228: WordPress Frontend Admin Plugin Privilege Escalationvulnerability, cve, high-severity, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-5229/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 WordPress Form Notify Plugin: Critical Authentication Bypass (CVE-2026-5229)vulnerability, cve, critical, high-severity, authentication-bypass, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-4683/ Shimi's Cyber World en 2026-05-15T12:16:16+03:00 CVE-2026-4683 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-862 https://shimiscyberworld.com/posts/telegram-1542954397-4588/ Shimi's Cyber World en 2026-05-15T12:05:28+03:00 Google Pixel Contextual Suggestions Raise Privacy Concerns https://shimiscyberworld.com/posts/chrome-148-update-patches-critical-vulnerabilities-yx1wy/ Shimi's Cyber World en 2026-05-15T10:25:15+03:00 Chrome 148 Update Patches Critical Vulnerabilitiesthreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-6646/ Shimi's Cyber World en 2026-05-15T10:16:20+03:00 CVE-2026-6646 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-4094/ Shimi's Cyber World en 2026-05-15T10:16:20+03:00 CVE-2026-4094: WooCommerce Currency Switcher Plugin Vulnerable to Data Lossvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41702/ Shimi's Cyber World en 2026-05-15T10:16:18+03:00 VMware Fusion TOCTOU Flaw Grants Root Privilegesvulnerability, cve, high-severity, cwe-367 https://shimiscyberworld.com/posts/nvd-CVE-2026-28761/ Shimi's Cyber World en 2026-05-15T09:16:20+03:00 Musetheque V4 CSRF Vulnerability (CVE-2026-28761) Poses High Riskvulnerability, cve, high-severity, information-disclosure, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-24662/ Shimi's Cyber World en 2026-05-15T09:16:19+03:00 CVE-2026-24662 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-2652/ Shimi's Cyber World en 2026-05-15T06:16:23+03:00 mlflow Unauthenticated Access: FastAPI Routes Exposed in Versions < 3.10.0vulnerability, cve, high-severity, authentication-bypass, cwe-305 https://shimiscyberworld.com/posts/teampcp-hackers-advertise-mistral-ai-code-repos-for-sale-weqm4/ Shimi's Cyber World en 2026-05-15T01:50:36+03:00 Mistral AI Source Code Advertised for Sale by TeamPCPthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-6811/ Shimi's Cyber World en 2026-05-15T01:16:45+03:00 CVE-2026-6811 — Stack exhaustion vulnerability in the MongoDB PHP drivervulnerability, cve, medium-severity, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-45248/ Shimi's Cyber World en 2026-05-15T01:16:45+03:00 CVE-2026-45248 — The GET /Api/V1/Demo/Registered-Users Endpoint That Authentication Bypassvulnerability, cve, medium-severity, authentication-bypass, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-44671/ Shimi's Cyber World en 2026-05-15T01:16:44+03:00 ZITADEL LDAP Filter Injection Exposes Usernames, Attributesvulnerability, cve, high-severity, authentication-bypass, cwe-90 https://shimiscyberworld.com/posts/nvd-CVE-2026-45370/ Shimi's Cyber World en 2026-05-15T00:16:48+03:00 CVE-2026-45370: python-utcp Exposes Process Secrets via Environment Variablesvulnerability, cve, high-severity, cwe-526 https://shimiscyberworld.com/posts/nvd-CVE-2026-45369/ Shimi's Cyber World en 2026-05-15T00:16:48+03:00 CVE-2026-45369: Python-UTCP RCE via Unsanitized Shell Commandsvulnerability, cve, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-44673/ Shimi's Cyber World en 2026-05-15T00:16:47+03:00 CVE-2026-44673: libyang Integer Overflow Leads to Heap Corruptionvulnerability, cve, high-severity, buffer-overflow, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-44661/ Shimi's Cyber World en 2026-05-15T00:16:47+03:00 CVE-2026-44661 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-44212/ Shimi's Cyber World en 2026-05-15T00:16:46+03:00 PrestaShop XSS: Critical Back-Office Takeover via Customer Service Viewvulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79