https://shimiscyberworld.com/posts/nvd-CVE-2026-3828/ Shimi's Cyber World en 2026-05-09T12:16:09+03:00 Hikvision Switches: Authenticated RCE in Discontinued Productsvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-32683/ Shimi's Cyber World en 2026-05-09T12:16:08+03:00 CVE-2026-32683 — Some EZVIZ products utilize older versions of cloud featurevulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-1749/ Shimi's Cyber World en 2026-05-09T12:16:08+03:00 CVE-2026-1749 — Some HikCentral Professional Versions. This Vulnerabilityvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/cpanel-whm-release-fixes-for-three-new-vulnerabilities-pa-2ycdm/ Shimi's Cyber World en 2026-05-09T10:16:00+03:00 cPanel, WHM Patch Three New Vulnerabilities: Privilege Escalation, RCE Risksthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-42560/ Shimi's Cyber World en 2026-05-09T09:16:10+03:00 CVE-2026-42560: Critical Patreon OAuth Flaw Merges User Identitiesvulnerability, cve, critical, high-severity, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-42301/ Shimi's Cyber World en 2026-05-09T07:16:25+03:00 CVE-2026-42301: Malicious Code Execution Via pyp2spec RPM Generationvulnerability, cve, high-severity, cwe-20, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-42296/ Shimi's Cyber World en 2026-05-09T07:16:25+03:00 CVE-2026-42296: Argo Workflows Bypass Grants Host Network Accessvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41311/ Shimi's Cyber World en 2026-05-09T07:16:21+03:00 LiquidJS CVE-2026-41311: DoS Vulnerability in Template Enginevulnerability, cve, high-severity, denial-of-service, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-7652/ Shimi's Cyber World en 2026-05-09T06:16:15+03:00 CVE-2026-7652 — The LatePoint plugin for WordPress is vulnerable to Accountvulnerability, cve, medium-severity, cwe-640 https://shimiscyberworld.com/posts/nvd-CVE-2026-6667/ Shimi's Cyber World en 2026-05-09T04:16:09+03:00 CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriatevulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-6666/ Shimi's Cyber World en 2026-05-09T04:16:09+03:00 CVE-2026-6666 — A possible null pointer reference in PgBouncer beforevulnerability, cve, medium-severity, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-6665/ Shimi's Cyber World en 2026-05-09T04:16:09+03:00 PgBouncer SCRAM Vulnerability (CVE-2026-6665) Allows Stack Overflowvulnerability, cve, high-severity, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-6664/ Shimi's Cyber World en 2026-05-09T04:16:08+03:00 PgBouncer Integer Overflow (CVE-2026-6664) Leads to Remote Crashvulnerability, cve, high-severity, integer-overflow, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-41705/ Shimi's Cyber World en 2026-05-09T04:16:08+03:00 CVE-2026-41705: Spring AI MilvusVectorStore Vulnerable to Filter Injectionvulnerability, cve, high-severity, cwe-917 https://shimiscyberworld.com/posts/nvd-CVE-2026-44313/ Shimi's Cyber World en 2026-05-09T03:16:29+03:00 Linkwarden SSRF Vulnerability (CVE-2026-44313) Allows Internal Network Accessvulnerability, cve, critical, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-45130/ Shimi's Cyber World en 2026-05-09T02:16:40+03:00 CVE-2026-45130 — Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-122, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-42556/ Shimi's Cyber World en 2026-05-09T02:16:39+03:00 CVE-2026-42556: Postiz AI Tool Vulnerability Allows Stored XSSvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42454/ Shimi's Cyber World en 2026-05-09T02:16:39+03:00 Termix RCE via Container ID Injection (CVE-2026-42454)vulnerability, cve, critical, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-42452/ Shimi's Cyber World en 2026-05-09T02:16:38+03:00 Termix CVE-2026-42452 Bypasses 2FA with Temporary JWTvulnerability, cve, high-severity, cwe-304 https://shimiscyberworld.com/posts/nvd-CVE-2026-42354/ Shimi's Cyber World en 2026-05-09T02:16:38+03:00 Sentry SAML SSO Critical Vulnerability Allows Account Takeover (CVE-2026-42354)vulnerability, cve, critical, high-severity, cwe-290 https://shimiscyberworld.com/posts/nvd-CVE-2026-42352/ Shimi's Cyber World en 2026-05-09T02:16:38+03:00 pygeoapi RCE: OGC API Vulnerability Exposes Internal Servicesvulnerability, cve, high-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42351/ Shimi's Cyber World en 2026-05-09T02:16:38+03:00 CVE-2026-42351: pygeoapi Path Traversal Exposes Directoriesvulnerability, cve, high-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-42346/ Shimi's Cyber World en 2026-05-09T02:16:37+03:00 CVE-2026-42346 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42345/ Shimi's Cyber World en 2026-05-09T02:16:37+03:00 FastGPT Vulnerability: Cloud Metadata Bypass via URL Encoding (CVE-2026-42345)vulnerability, cve, high-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42302/ Shimi's Cyber World en 2026-05-09T02:16:36+03:00 CVE-2026-42302: FastGPT Agent Sandbox RCEvulnerability, cve, critical, high-severity, remote-code-execution, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-42298/ Shimi's Cyber World en 2026-05-09T02:16:36+03:00 CVE-2026-42298: Critical RCE in Postiz AI Scheduling Toolvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-42291/ Shimi's Cyber World en 2026-05-09T02:16:36+03:00 CVE-2026-42291 — SysReptor is a fully customizable pentest reportingvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-42224/ Shimi's Cyber World en 2026-05-09T02:16:35+03:00 CVE-2026-42224: ipl/web XSS Vulnerability Impacts Icinga Webvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41520/ Shimi's Cyber World en 2026-05-09T02:16:35+03:00 CVE-2026-41520: Cilium Bugtool Leaks Sensitive WireGuard Datavulnerability, cve, high-severity, cwe-200, cwe-312 https://shimiscyberworld.com/posts/nvd-CVE-2026-41432/ Shimi's Cyber World en 2026-05-09T02:16:35+03:00 CVE-2026-41432: LLM Gateway Stripe Webhook Flaw Allows Quota Forgeryvulnerability, cve, high-severity, cwe-345, cwe-863, cwe-1188 https://shimiscyberworld.com/posts/nvd-CVE-2026-42209/ Shimi's Cyber World en 2026-05-09T01:16:32+03:00 CVE-2026-42209 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-369 https://shimiscyberworld.com/posts/nvd-CVE-2026-42205/ Shimi's Cyber World en 2026-05-09T01:16:31+03:00 CVE-2026-42205: Avo Framework Privilege Escalation in Ruby on Rails Admin Panelsvulnerability, cve, high-severity, privilege-escalation, cwe-284, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-42202/ Shimi's Cyber World en 2026-05-09T01:16:31+03:00 CVE-2026-42202 — nova-toggle-5 enables fliping booleans in the index. Priorvulnerability, cve, medium-severity, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-42199/ Shimi's Cyber World en 2026-05-09T01:16:31+03:00 CVE-2026-42199 — Integer Overflowvulnerability, cve, medium-severity, integer-overflow, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-42193/ Shimi's Cyber World en 2026-05-09T01:16:31+03:00 CVE-2026-42193: Plunk Email Platform Critical Unauthenticated Webhook Forgeryvulnerability, cve, critical, high-severity, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-42192/ Shimi's Cyber World en 2026-05-09T01:16:31+03:00 CVE-2026-42192 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-44400/ Shimi's Cyber World en 2026-05-09T00:16:28+03:00 MailEnable WebAdmin Vulnerability Bypasses Authentication (CVE-2026-44400)vulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-7807/ Shimi's Cyber World en 2026-05-08T23:16:32+03:00 SmarterTools SmarterMail CVE-2026-7807: Local File Inclusion Exposes Passwordsvulnerability, cve, high-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-42282/ Shimi's Cyber World en 2026-05-08T23:16:31+03:00 CVE-2026-42282 — n8n-MCP is an MCP server that provides AI assistants accessvulnerability, cve, medium-severity, cwe-532 https://shimiscyberworld.com/posts/nvd-CVE-2026-42190/ Shimi's Cyber World en 2026-05-08T23:16:31+03:00 CVE-2026-42190 — RedwoodSDK is a server-first React framework. From versionvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-42189/ Shimi's Cyber World en 2026-05-08T23:16:31+03:00 CVE-2026-42189: Russh SSH Library DoS Vulnerabilityvulnerability, cve, high-severity, cwe-770, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-42185/ Shimi's Cyber World en 2026-05-08T23:16:31+03:00 CVE-2026-42185 — People is an application to handle users and teams, andvulnerability, cve, medium-severity, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-42181/ Shimi's Cyber World en 2026-05-08T23:16:31+03:00 CVE-2026-42181 — Lemmy is a link aggregator and forum for the fediverse.vulnerability, cve, medium-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42180/ Shimi's Cyber World en 2026-05-08T23:16:31+03:00 CVE-2026-42180 — Lemmy is a link aggregator and forum for the fediverse.vulnerability, cve, medium-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42176/ Shimi's Cyber World en 2026-05-08T23:16:30+03:00 CVE-2026-42176 — Scoold is a Q&A and a knowledge sharing platform for teams.vulnerability, cve, medium-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-41495/ Shimi's Cyber World en 2026-05-08T23:16:30+03:00 CVE-2026-41495 — n8n-MCP is an MCP server that provides AI assistants accessvulnerability, cve, medium-severity, cwe-532 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-08T23:00:00+03:00 Daily Security Digest — 2026-05-08daily-digest, vulnerability, cve, high-severity, cross-site-scripting-xss, cwe-1004, cwe-266, cwe-200, cwe-497, server-side-request-forgery https://shimiscyberworld.com/posts/gm-to-pay-over-12-million-in-california-privacy-settlement-fm7xa/ Shimi's Cyber World en 2026-05-08T22:35:00+03:00 GM Fined $12 Million in California Privacy Settlement Over Driver Datathreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-8178/ Shimi's Cyber World en 2026-05-08T22:16:31+03:00 Amazon Redshift JDBC Driver Vulnerability Allows Remote Code Executionvulnerability, cve, high-severity, cwe-470 https://shimiscyberworld.com/posts/nvd-CVE-2026-41511/ Shimi's Cyber World en 2026-05-08T22:16:31+03:00 CVE-2026-41511 — OpenMcdf is a fully .NET / C# library to manipulatevulnerability, cve, medium-severity, cwe-835 https://shimiscyberworld.com/posts/kingdom-market-administrator-given-16-year-sentence-7hp4k/ Shimi's Cyber World en 2026-05-08T22:16:00+03:00 Kingdom Market Administrator Sentenced to 16 Yearsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/virginia-man-found-guilty-of-deleting-96-government-database-xpdfr/ Shimi's Cyber World en 2026-05-08T21:14:00+03:00 Virginia Man Convicted for Deleting 96 Government Databasesthreat-intel, data-breach, government https://shimiscyberworld.com/posts/tclbanker-banking-trojan-targets-financial-platforms-via-wha-qc78d/ Shimi's Cyber World en 2026-05-08T21:12:00+03:00 TCLBANKER Banking Trojan Targets 59 Financial Platforms via WhatsApp, Outlook Wormsthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/sen-schumer-seeks-dhs-plan-on-ai-cyber-coordination-with-st-orozv/ Shimi's Cyber World en 2026-05-08T20:20:00+03:00 Schumer Demands DHS AI Cyber Plan for State, Local Governmentsthreat-intel, policy, government, vulnerability, data-breach, ai-security, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-42072/ Shimi's Cyber World en 2026-05-08T20:16:31+03:00 CVE-2026-42072: Nornicdb Exposes Graph Database via Default Credentials on LANvulnerability, cve, critical, high-severity, cwe-1392 https://shimiscyberworld.com/posts/nvd-CVE-2026-42030/ Shimi's Cyber World en 2026-05-08T20:16:31+03:00 CVE-2026-42030 — MapServer'S WMS Server Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-80 https://shimiscyberworld.com/posts/nvd-CVE-2026-42028/ Shimi's Cyber World en 2026-05-08T20:16:31+03:00 CVE-2026-42028 — NovaGallery Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41887/ Shimi's Cyber World en 2026-05-08T20:16:30+03:00 CVE-2026-41887 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-22, cwe-918 https://shimiscyberworld.com/posts/nvidia-confirms-geforce-now-data-breach-affecting-armenian-u-fmnfi/ Shimi's Cyber World en 2026-05-08T19:18:31+03:00 NVIDIA GeForce NOW Data Breach Impacts Armenian Usersthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-42353/ Shimi's Cyber World en 2026-05-08T19:16:12+03:00 CVE-2026-42353: i18next-http-middleware Path Traversal and SSRF Riskvulnerability, cve, high-severity, path-traversal, cwe-22, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41886/ Shimi's Cyber World en 2026-05-08T19:16:12+03:00 CVE-2026-41886: locize SDK Vulnerability Exposes Apps to Cross-Origin Attacksvulnerability, cve, high-severity, cwe-79, cwe-346 https://shimiscyberworld.com/posts/nvd-CVE-2026-41885/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 CVE-2026-41885 — i18next-locize-backend is a simple i18next backend forvulnerability, cve, medium-severity, cwe-22, cwe-74 https://shimiscyberworld.com/posts/nvd-CVE-2026-41883/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 OmniFaces RCE: Server-Side EL Injection Poses High Riskvulnerability, cve, high-severity, remote-code-execution, cwe-917 https://shimiscyberworld.com/posts/nvd-CVE-2026-41693/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 CVE-2026-41693: i18next-fs-backend Path Traversal Exposes Serversvulnerability, cve, high-severity, cwe-22, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-41690/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 CVE-2026-41690: 18next-http-middleware Prototype Pollution Hits Node.js/Denovulnerability, cve, high-severity, denial-of-service, cwe-22, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-41683/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 CVE-2026-41683: i18next-http-middleware Header Injection Riskvulnerability, cve, high-severity, cwe-79, cwe-113 https://shimiscyberworld.com/posts/nvd-CVE-2026-41591/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 CVE-2026-41591 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41070/ Shimi's Cyber World en 2026-05-08T19:16:11+03:00 CVE-2026-41070: openvpn-auth-oauth2 Critical Bypass in Plugin Modevulnerability, cve, critical, high-severity, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-34354/ Shimi's Cyber World en 2026-05-08T19:16:10+03:00 Akamai Guardicore Local Privilege Escalation Hits Linux, macOS Clientsvulnerability, cve, high-severity, command-injection, cwe-367 https://shimiscyberworld.com/posts/multiple-universities-forced-to-reschedule-final-exams-after-7zybt/ Shimi's Cyber World en 2026-05-08T18:48:00+03:00 Canvas Cyber Incident Forces Universities to Reschedule Examsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-44500/ Shimi's Cyber World en 2026-05-08T18:17:01+03:00 CVE-2026-44500 — Insecure Deserializationvulnerability, cve, medium-severity, insecure-deserialization, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41588/ Shimi's Cyber World en 2026-05-08T18:16:43+03:00 RELATE Courseware Vulnerability: Critical Timing Attack CVE-2026-41588vulnerability, cve, critical, high-severity, cwe-208 https://shimiscyberworld.com/posts/nvd-CVE-2026-41576/ Shimi's Cyber World en 2026-05-08T18:16:40+03:00 Brave CMS Vulnerability: Phishing via Unescaped Contact Formvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41575/ Shimi's Cyber World en 2026-05-08T18:16:40+03:00 CVE-2026-41575 — An IP Reputation Checker Application Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79, cwe-80 https://shimiscyberworld.com/posts/nvd-CVE-2026-41570/ Shimi's Cyber World en 2026-05-08T18:16:40+03:00 PHPUnit Vulnerability Allows RCE via INI Setting Injectionvulnerability, cve, high-severity, remote-code-execution, cwe-88, cwe-93 https://shimiscyberworld.com/posts/nvd-CVE-2026-41524/ Shimi's Cyber World en 2026-05-08T18:16:40+03:00 Brave CMS XSS Vulnerability: Editor Role Leads to Persistent Code Executionvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41308/ Shimi's Cyber World en 2026-05-08T18:16:39+03:00 CVE-2026-41308 — OSS PasswordPusher Allowed Unauthenticated Creation Of File- Vulnerabilityvulnerability, cve, medium-severity, cwe-288 https://shimiscyberworld.com/posts/fake-call-history-apps-stole-payments-from-users-after-7-3-m-v0k4g/ Shimi's Cyber World en 2026-05-08T18:08:00+03:00 Fake Call History Apps Steal Payments After Millions of Play Store Downloadsthreat-intel, vulnerability https://shimiscyberworld.com/posts/in-other-news-train-hacker-arrested-pamdoora-linux-backdoo-q2hmm/ Shimi's Cyber World en 2026-05-08T17:30:00+03:00 PamDOORa Linux Backdoor Emerges Amidst Other Cyber Developmentsthreat-intel, vulnerability, malware, microsoft, securityweek https://shimiscyberworld.com/posts/nvd-CVE-2026-44339/ Shimi's Cyber World en 2026-05-08T17:16:46+03:00 PraisonAI Vulnerability Allows Undeclared Tool Invocation (CVE-2026-44339)vulnerability, cve, high-severity, cwe-470 https://shimiscyberworld.com/posts/nvd-CVE-2026-44338/ Shimi's Cyber World en 2026-05-08T17:16:46+03:00 CVE-2026-44338: PraisonAI Flask API Lacks Default Authenticationvulnerability, cve, high-severity, cwe-306, cwe-668, cwe-1188 https://shimiscyberworld.com/posts/nvd-CVE-2026-44337/ Shimi's Cyber World en 2026-05-08T17:16:46+03:00 CVE-2026-44337 — PraisonAI is a multi-agent teams system. From version 2.4.1vulnerability, cve, medium-severity, cwe-20, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-44334/ Shimi's Cyber World en 2026-05-08T17:16:46+03:00 CVE-2026-44334: PraisonAI Multi-Agent System Vulnerable to Remote Code Executionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41512/ Shimi's Cyber World en 2026-05-08T17:16:34+03:00 ai-scanner RCE: Critical JavaScript Injection in BrowserAutomationvulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41507/ Shimi's Cyber World en 2026-05-08T17:16:34+03:00 CVE-2026-41507: math-codegen RCE Exposes Apps to Arbitrary Command Executionvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41506/ Shimi's Cyber World en 2026-05-08T17:16:33+03:00 CVE-2026-41506 — go-git is an extensible git implementation library writtenvulnerability, cve, medium-severity, cwe-522 https://shimiscyberworld.com/posts/nvd-CVE-2026-41497/ Shimi's Cyber World en 2026-05-08T17:16:33+03:00 CVE-2026-41497: PraisonAI Multi-Agent System Critical RCEvulnerability, cve, critical, high-severity, code-execution, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-41496/ Shimi's Cyber World en 2026-05-08T17:16:33+03:00 CVE-2026-41496: PraisonAI SQL Injection Impacts Multiple Backendsvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-41491/ Shimi's Cyber World en 2026-05-08T17:16:33+03:00 Dapr CVE-2026-41491: ACL Bypass via Path Traversalvulnerability, cve, high-severity, path-traversal, cwe-22, cwe-284 https://shimiscyberworld.com/posts/shinyhunters-claims-nearly-9-000-schools-affected-by-canvas-pr69l/ Shimi's Cyber World en 2026-05-08T16:29:45+03:00 ShinyHunters Claims Canvas Breach Affects 9,000 Schools, Demands Paymentthreat-intel, policy, government, data-breach https://shimiscyberworld.com/posts/nvd-CVE-2025-69233/ Shimi's Cyber World en 2026-05-08T16:16:35+03:00 CVE-2025-69233 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-367, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2025-66467/ Shimi's Cyber World en 2026-05-08T16:16:35+03:00 CVE-2025-66467: MinIO Policy Cleanup Flaw in Apache CloudStack Grants Unauthorized Accessvulnerability, cve, high-severity, cwe-459 https://shimiscyberworld.com/posts/nvd-CVE-2022-50994/ Shimi's Cyber World en 2026-05-08T16:16:34+03:00 DrayTek Vigor 2960 RCE: Unauthenticated OS Command Injectionvulnerability, cve, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/pro-ukraine-bo-team-and-head-mare-hackers-appear-to-team-up-92yv0/ Shimi's Cyber World en 2026-05-08T16:09:00+03:00 Pro-Ukraine Hacktivists BO Team and Head Mare Coordinate Attacks Against Russiathreat-intel, data-breach, government, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-8153/ Shimi's Cyber World en 2026-05-08T15:16:29+03:00 Universal Robots PolyScope Critical OS Command Injection (CVE-2026-8153)vulnerability, cve, critical, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/ai-firm-braintrust-prompts-api-key-rotation-after-data-breac-fg7a8/ Shimi's Cyber World en 2026-05-08T14:14:01+03:00 Braintrust Data Breach Prompts API Key Rotation After AWS Compromisethreat-intel, vulnerability, data-breach, cloud https://shimiscyberworld.com/posts/quasar-linux-rat-steals-developer-credentials-for-software-s-csdti/ Shimi's Cyber World en 2026-05-08T14:00:00+03:00 Quasar Linux RAT Targets Developers for Supply Chain Compromisethreat-intel, vulnerability, identity, phishing, the-hacker-news https://shimiscyberworld.com/posts/telegram-1427288221-8897/ Shimi's Cyber World en 2026-05-08T13:48:26+03:00 Cloudflare, Arctic Wolf, CrowdStrike Layoffs Signal AI's Impact on Cybersecurity Workforceisrael https://shimiscyberworld.com/posts/telegram-1427288221-8896/ Shimi's Cyber World en 2026-05-08T13:33:40+03:00 Clickfix Campaign: Social Engineering Leads to Account Lockoutsisrael https://shimiscyberworld.com/posts/one-missed-threat-per-week-what-25m-alerts-reveal-about-low-9acln/ Shimi's Cyber World en 2026-05-08T13:30:00+03:00 Enterprise Security Ignores One Threat Per Week: 25 Million Alerts Showthreat-intel, vulnerability, the-hacker-news https://shimiscyberworld.com/posts/telegram-1427288221-8894/ Shimi's Cyber World en 2026-05-08T13:24:22+03:00 AI Supply Chain Under Attack: Malicious Models on Hugging Face, ClawHubisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-7650/ Shimi's Cyber World en 2026-05-08T13:16:29+03:00 CVE-2026-7650 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-7475/ Shimi's Cyber World en 2026-05-08T13:16:29+03:00 CVE-2026-7475 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5341/ Shimi's Cyber World en 2026-05-08T13:16:28+03:00 CVE-2026-5341 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-7330/ Shimi's Cyber World en 2026-05-08T12:16:10+03:00 CVE-2026-7330: WordPress Auto Affiliate Links Plugin Stored XSSvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5127/ Shimi's Cyber World en 2026-05-08T12:16:08+03:00 WordPress Plugin Vulnerability: CVE-2026-5127 Allows Code Executionvulnerability, cve, high-severity, insecure-deserialization, cwe-502 https://shimiscyberworld.com/posts/new-linux-pamdoora-backdoor-uses-pam-modules-to-steal-ssh-cr-tvhl0/ Shimi's Cyber World en 2026-05-08T11:41:00+03:00 PamDOORa Linux Backdoor Leverages PAM for Persistent SSH Accessthreat-intel, vulnerability, malware, identity, tools, the-hacker-news https://shimiscyberworld.com/posts/new-linux-dirty-frag-zero-day-gives-root-on-all-major-dist-ca61c/ Shimi's Cyber World en 2026-05-08T10:45:24+03:00 Linux 'Dirty Frag' Zero-Day Grants Root Privileges Across Major Distrosthreat-intel, data-breach, malware, vulnerability, bleepingcomputer https://shimiscyberworld.com/posts/zara-197-376-breached-accounts-mgzew/ Shimi's Cyber World en 2026-05-08T10:14:22+03:00 Zara Breach: ShinyHunters Leveraged Anodot Compromise for Extortiondata-breach, threat-intel https://shimiscyberworld.com/posts/nvd-CVE-2026-8138/ Shimi's Cyber World en 2026-05-08T08:16:11+03:00 Tenda CX12L Stack Buffer Overflow (CVE-2026-8138) Risks Remote Exploitationvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-8137/ Shimi's Cyber World en 2026-05-08T08:16:11+03:00 Totolink X5000R Buffer Overflow (CVE-2026-8137) Exposedvulnerability, cve, high-severity, buffer-overflow, cwe-119, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-42279/ Shimi's Cyber World en 2026-05-08T08:16:11+03:00 CVE-2026-42279 — solidtime is an open-source time-tracking app. In versionvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-42277/ Shimi's Cyber World en 2026-05-08T08:16:10+03:00 CVE-2026-42277 — Onyx is an open-source AI platform. Prior to versionsvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-42276/ Shimi's Cyber World en 2026-05-08T08:16:10+03:00 CVE-2026-42276 — Onyx is an open-source AI platform. Prior to versionsvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-8133/ Shimi's Cyber World en 2026-05-08T07:16:26+03:00 CVE-2026-8133: zyx0814 FilePress SQL Injection Exploitedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8132/ Shimi's Cyber World en 2026-05-08T07:16:25+03:00 CodeAstro Leave Management System SQLi (CVE-2026-8132)vulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8131/ Shimi's Cyber World en 2026-05-08T07:16:24+03:00 CVE-2026-8131: SourceCodester SUP Online Shopping SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8130/ Shimi's Cyber World en 2026-05-08T07:16:24+03:00 SourceCodester SUP Online Shopping SQLi: CVE-2026-8130 Exposedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8129/ Shimi's Cyber World en 2026-05-08T07:16:24+03:00 SourceCodester SUP Online Shopping SQL Injection (CVE-2026-8129)vulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-43943/ Shimi's Cyber World en 2026-05-08T07:16:23+03:00 electerm RCE (CVE-2026-43943) via Malicious SFTP Filenamesvulnerability, cve, high-severity, code-execution, cwe-78, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-43941/ Shimi's Cyber World en 2026-05-08T07:16:23+03:00 Electerm CVE-2026-43941: Critical RCE via Malicious Terminal Linksvulnerability, cve, critical, high-severity, code-execution, cwe-88, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-43940/ Shimi's Cyber World en 2026-05-08T07:16:23+03:00 CVE-2026-43940: electerm Path Traversal Leads to RCEvulnerability, cve, high-severity, code-execution, cwe-22, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-42275/ Shimi's Cyber World en 2026-05-08T07:16:22+03:00 zrok WebDAV Vulnerability (CVE-2026-42275) Allows Remote File Accessvulnerability, cve, high-severity, path-traversal, cwe-22, cwe-61 https://shimiscyberworld.com/posts/nvd-CVE-2026-42264/ Shimi's Cyber World en 2026-05-08T07:16:20+03:00 Axios Prototype Pollution: Critical Vulnerability Exposes HTTP Requestsvulnerability, cve, high-severity, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-42261/ Shimi's Cyber World en 2026-05-08T07:16:20+03:00 CVE-2026-42261: PromptHub SSRF Bypass Via IPv6 Mapped Addressesvulnerability, cve, high-severity, server-side-request-forgery, cwe-20, cwe-693, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41900/ Shimi's Cyber World en 2026-05-08T07:16:18+03:00 CVE-2026-41900: OpenLearnX RCE Allows Sandbox Escape and Command Executionvulnerability, cve, high-severity, remote-code-execution, cwe-78, cwe-94, cwe-250, cwe-284, cwe-693 https://shimiscyberworld.com/posts/nvd-CVE-2026-41646/ Shimi's Cyber World en 2026-05-08T07:16:18+03:00 CVE-2026-41646 — Nuclei'S JavaScript Protocol Runtime Vulnerabilityvulnerability, cve, medium-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-41501/ Shimi's Cyber World en 2026-05-08T07:16:17+03:00 Electerm Critical Command Injection Flaw Patched (CVE-2026-41501)vulnerability, cve, critical, high-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-41500/ Shimi's Cyber World en 2026-05-08T07:16:17+03:00 electerm CVE-2026-41500: Critical Command Injection in Terminal Clientvulnerability, cve, critical, high-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-8128/ Shimi's Cyber World en 2026-05-08T06:16:25+03:00 CVE-2026-8128: SourceCodester SUP Online Shopping SQLi Exposedvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8127/ Shimi's Cyber World en 2026-05-08T06:16:25+03:00 CVE-2026-8127 — Eladmin Improper Access Controlvulnerability, cve, medium-severity, improper-access-control, cwe-266, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-8126/ Shimi's Cyber World en 2026-05-08T06:16:25+03:00 SourceCodester Comment System SQLi Vulnerability (CVE-2026-8126)vulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8125/ Shimi's Cyber World en 2026-05-08T05:16:08+03:00 CVE-2026-8125 — Code-Projects Simple Chat System SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8123/ Shimi's Cyber World en 2026-05-08T05:16:07+03:00 CVE-2026-8123 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8122/ Shimi's Cyber World en 2026-05-08T04:16:10+03:00 CVE-2026-8122 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8121/ Shimi's Cyber World en 2026-05-08T04:16:09+03:00 CVE-2026-8121 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8120/ Shimi's Cyber World en 2026-05-08T04:16:09+03:00 CVE-2026-8120 — Open5GS Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-8117/ Shimi's Cyber World en 2026-05-08T03:16:10+03:00 CVE-2026-8117 — SourceCodester Pizzafy Ecommerce System Vulnerabilityvulnerability, cve, medium-severity, cwe-79, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-8116/ Shimi's Cyber World en 2026-05-08T03:16:09+03:00 CVE-2026-8116 — Unknown Code Of The File Src/Controllers/DxtController.Ts Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-8115/ Shimi's Cyber World en 2026-05-08T02:16:33+03:00 CVE-2026-8115 — Gyoridavid Short-Video-Maker Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-6411/ Shimi's Cyber World en 2026-05-08T02:16:32+03:00 MAXHUB Pivot Client Vulnerability Exposes Tenant Emails, Allows DoSvulnerability, cve, high-severity, cwe-327 https://shimiscyberworld.com/posts/nvd-CVE-2026-42880/ Shimi's Cyber World en 2026-05-08T02:16:32+03:00 Argo CD CVE-2026-42880: Critical Data Exposure from Read-Only Accessvulnerability, cve, critical, high-severity, cwe-200, cwe-212 https://shimiscyberworld.com/posts/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-c-g2isi/ Shimi's Cyber World en 2026-05-08T01:36:54+03:00 ShinyHunters Defaces Canvas Login Portals in Mass Extortion Campaignthreat-intel, data-breach, malware, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-8112/ Shimi's Cyber World en 2026-05-08T01:16:37+03:00 CVE-2026-8112 — 8421bit MiniClaw Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-42826/ Shimi's Cyber World en 2026-05-08T01:16:35+03:00 Azure DevOps Critical Info Disclosure: CVE-2026-42826vulnerability, cve, critical, high-severity, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-41105/ Shimi's Cyber World en 2026-05-08T01:16:35+03:00 CVE-2026-41105: Azure Notification Service SSRF Allows Privilege Escalationvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-40214/ Shimi's Cyber World en 2026-05-08T01:16:35+03:00 CVE-2026-40214 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-282 https://shimiscyberworld.com/posts/nvd-CVE-2026-40213/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 OpenStack Cyborg Flaw Allows FPGA Reprogramming via Unauthenticated APIvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-35435/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 Azure AI Foundry M365 Flaw Allows Network Privilege Escalationvulnerability, cve, high-severity, improper-access-control, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-35428/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 Azure Cloud Shell Critical Command Injection: CVE-2026-35428 Allows Spoofingvulnerability, cve, critical, high-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-34327/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 Microsoft Partner Center Vulnerability Allows Spoofing (CVE-2026-34327)vulnerability, cve, high-severity, cwe-610 https://shimiscyberworld.com/posts/nvd-CVE-2026-33844/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 Azure Managed Instance for Apache Cassandra RCE: Critical Input Validation Flawvulnerability, cve, critical, high-severity, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-33823/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 Microsoft Teams Critical Auth Flaw Exposes Info (CVE-2026-33823)vulnerability, cve, critical, high-severity, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-33111/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 Microsoft Copilot Chat Command Injection Vulnerability Discloses Infovulnerability, cve, high-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-33109/ Shimi's Cyber World en 2026-05-08T01:16:34+03:00 CVE-2026-33109: Critical RCE in Azure Managed Instance for Apache Cassandravulnerability, cve, critical, high-severity, improper-access-control, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-32207/ Shimi's Cyber World en 2026-05-08T01:16:33+03:00 Azure Machine Learning XSS Exposes Data, Allows Spoofingvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-26164/ Shimi's Cyber World en 2026-05-08T01:16:33+03:00 M365 Copilot Injection Vulnerability CVE-2026-26164 Allows Info Disclosurevulnerability, cve, high-severity, cwe-74 https://shimiscyberworld.com/posts/nvd-CVE-2026-26129/ Shimi's Cyber World en 2026-05-08T01:16:33+03:00 M365 Copilot Vulnerability CVE-2026-26129 Exposes Informationvulnerability, cve, high-severity, cwe-138 https://shimiscyberworld.com/posts/iranian-government-hackers-using-chaos-ransomware-as-cover-ge3zr/ Shimi's Cyber World en 2026-05-08T00:30:00+03:00 MuddyWater Uses Chaos Ransomware as Cover for Espionagethreat-intel, data-breach, government, malware, ransomware https://shimiscyberworld.com/posts/nvd-CVE-2026-8098/ Shimi's Cyber World en 2026-05-08T00:16:30+03:00 CVE-2026-8098: SQL Injection in code-projects Feedback System 1.0vulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8097/ Shimi's Cyber World en 2026-05-08T00:16:30+03:00 CVE-2026-8097 — CodeAstro Online Classroom SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-42449/ Shimi's Cyber World en 2026-05-08T00:16:30+03:00 CVE-2026-42449: n8n-MCP SSRF Bypasses IPv6 Checksvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42047/ Shimi's Cyber World en 2026-05-08T00:16:29+03:00 CVE-2026-42047: Inngest Exposes Environment Variables via HTTP Handlervulnerability, cve, high-severity, cwe-200, cwe-497 https://shimiscyberworld.com/posts/nvd-CVE-2026-41692/ Shimi's Cyber World en 2026-05-08T00:16:29+03:00 CVE-2026-41692 — i18nextify is a JavaScript library that adds websitevulnerability, cve, medium-severity, cwe-79, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41691/ Shimi's Cyber World en 2026-05-08T00:16:29+03:00 CVE-2026-41691 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22, cwe-74 https://shimiscyberworld.com/posts/nvd-CVE-2026-8087/ Shimi's Cyber World en 2026-05-07T23:16:45+03:00 CVE-2026-8087 — OSGeo Gdal Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-119, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-43510/ Shimi's Cyber World en 2026-05-07T23:16:44+03:00 CVE-2026-43510: CISA's manage.get.gov Domain Manager Vulnerabilityvulnerability, cve, high-severity, cwe-266 https://shimiscyberworld.com/posts/nvd-CVE-2026-42241/ Shimi's Cyber World en 2026-05-07T23:16:44+03:00 CVE-2026-42241 — Applications Using ParquetSharp To Read Untrusted Parquet Fi Vulnerabilityvulnerability, cve, medium-severity, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-42239/ Shimi's Cyber World en 2026-05-07T23:16:44+03:00 Budibase Low-Code Platform Vulnerability Allows Full Account Takeover via XSSvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-1004 https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-07T23:00:00+03:00 Daily Security Digest — 2026-05-07daily-digest, vulnerability, cve, critical, high-severity, cwe-346, cross-site-scripting-xss, cwe-79, denial-of-service, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-8086/ Shimi's Cyber World en 2026-05-07T22:16:03+03:00 CVE-2026-8086 — OSGeo Gdal Buffer Overflowvulnerability, cve, medium-severity, buffer-overflow, cwe-119, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-8083/ Shimi's Cyber World en 2026-05-07T22:16:02+03:00 CVE-2026-8083: SQL Injection in SourceCodester Pharmacy Systemvulnerability, cve, high-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-44742/ Shimi's Cyber World en 2026-05-07T22:16:02+03:00 CVE-2026-44742: Postorius HTML Injection Exploited In The Wildvulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-44244/ Shimi's Cyber World en 2026-05-07T22:16:02+03:00 GitPython CVE-2026-44244 Allows Remote Code Execution via HooksPath Injectionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-42284/ Shimi's Cyber World en 2026-05-07T22:16:01+03:00 CVE-2026-42284: GitPython Vulnerability Allows Remote Code Execution Via Malicious Clonesvulnerability, cve, high-severity, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-42215/ Shimi's Cyber World en 2026-05-07T22:16:01+03:00 CVE-2026-42215: GitPython Arbitrary Command Execution Vulnerabilityvulnerability, cve, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-42214/ Shimi's Cyber World en 2026-05-07T22:16:01+03:00 NotepadNext CVE-2026-42214: Arbitrary Command Execution via Malicious Extensionsvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41906/ Shimi's Cyber World en 2026-05-07T22:16:01+03:00 FreeScout CVE-2026-41906: Agent Can Expose Hidden Customer Datavulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-41905/ Shimi's Cyber World en 2026-05-07T22:16:01+03:00 FreeScout CVE-2026-41905: Server-Side Request Forgery via Redirect Logicvulnerability, cve, high-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41904/ Shimi's Cyber World en 2026-05-07T22:16:01+03:00 CVE-2026-41904: FreeScout XSS Delivers Payloads via Auto-Replyvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41903/ Shimi's Cyber World en 2026-05-07T22:16:00+03:00 CVE-2026-41903 — FreeScout is a free help desk and shared inbox built withvulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41902/ Shimi's Cyber World en 2026-05-07T22:16:00+03:00 CVE-2026-41902: FreeScout Invite Hash Vulnerability Allows Permanent Account Takeovervulnerability, cve, critical, high-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-8081/ Shimi's Cyber World en 2026-05-07T21:16:27+03:00 CVE-2026-8081 — Router-For-Me CLIProxyAPI Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-37709/ Shimi's Cyber World en 2026-05-07T21:16:19+03:00 Snipe-IT CVE-2026-37709: Critical RCE via Insecure Permissionsvulnerability, cve, critical, high-severity, cwe-284 https://shimiscyberworld.com/posts/telegram-1542954397-4572/ Shimi's Cyber World en 2026-05-07T21:03:42+03:00 Anonymous Claims Control Over Three Chinese Satellites https://shimiscyberworld.com/posts/pcpjack-credential-stealer-exploits-5-cves-to-spread-worm-li-mu956/ Shimi's Cyber World en 2026-05-07T20:45:00+03:00 PCPJack Credential Stealer Exploits 5 CVEs for Cloud Worm-Like Spreadthreat-intel, vulnerability, malware, data-breach, cloud, identity, tools, the-hacker-news https://shimiscyberworld.com/posts/nvd-CVE-2026-7415/ Shimi's Cyber World en 2026-05-07T20:15:59+03:00 CVE-2026-7415: Yarbo Robot Firmware Exposes Sensitive Data via Anonymous MQTTvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-7414/ Shimi's Cyber World en 2026-05-07T20:15:59+03:00 Yarbo Firmware v2.3.9 Critical Hardcoded Credential Vulnerabilityvulnerability, cve, critical, high-severity, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-7413/ Shimi's Cyber World en 2026-05-07T20:15:59+03:00 CVE-2026-7413: Hidden Backdoor Found in Yarbo Firmwarevulnerability, cve, high-severity, cwe-912 https://shimiscyberworld.com/posts/has-cisa-finally-found-its-new-leader-in-tom-parker-5seag/ Shimi's Cyber World en 2026-05-07T19:55:12+03:00 Tom Parker Tipped for CISA Leadership Rolethreat-intel, tools https://shimiscyberworld.com/posts/palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-o-23gll/ Shimi's Cyber World en 2026-05-07T18:31:12+03:00 Palo Alto Networks Zero-Day Exploited by Suspected Chinese State Actorthreat-intel, vulnerability https://shimiscyberworld.com/posts/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks-rm9dt/ Shimi's Cyber World en 2026-05-07T18:20:51+03:00 Ivanti EPMM RCE Vulnerability Exploited in Zero-Day Attacksthreat-intel, data-breach, malware, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-44264/ Shimi's Cyber World en 2026-05-07T18:16:10+03:00 CVE-2026-44264 — Weblate is a web based localization tool. Prior to versionvulnerability, cve, medium-severity, cwe-80 https://shimiscyberworld.com/posts/nvd-CVE-2026-44263/ Shimi's Cyber World en 2026-05-07T18:16:10+03:00 CVE-2026-44263 — Weblate is a web based localization tool. Prior to versionvulnerability, cve, medium-severity, cwe-203 https://shimiscyberworld.com/posts/nvd-CVE-2026-42011/ Shimi's Cyber World en 2026-05-07T18:16:09+03:00 gnutls CVE-2026-42011: Certificate Validation Bypass Poses MITM Riskvulnerability, cve, high-severity, cwe-295 https://shimiscyberworld.com/posts/nvd-CVE-2026-41689/ Shimi's Cyber World en 2026-05-07T18:16:09+03:00 CVE-2026-41689 — Wallos is an open-source, self-hostable personalvulnerability, cve, medium-severity, cwe-863, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41688/ Shimi's Cyber World en 2026-05-07T18:16:09+03:00 CVE-2026-41688: Wallos SSRF Bypass via DNS Rebindingvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41687/ Shimi's Cyber World en 2026-05-07T18:16:09+03:00 CVE-2026-41687 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41650/ Shimi's Cyber World en 2026-05-07T18:16:07+03:00 CVE-2026-41650 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-91 https://shimiscyberworld.com/posts/nvd-CVE-2026-41519/ Shimi's Cyber World en 2026-05-07T18:16:07+03:00 CVE-2026-41519 — Weblate is a web based localization tool. Prior to versionvulnerability, cve, medium-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-41505/ Shimi's Cyber World en 2026-05-07T18:16:07+03:00 CVE-2026-41505: RELATE Courseware Package Suffers Predictable Token Generation Flawvulnerability, cve, high-severity, cwe-330, cwe-338 https://shimiscyberworld.com/posts/nvd-CVE-2026-41422/ Shimi's Cyber World en 2026-05-07T18:16:06+03:00 Daptin Headless CMS SQLi Puts Data at High Riskvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/north-carolina-man-pleads-guilty-to-doxxing-supreme-court-ju-ur6p9/ Shimi's Cyber World en 2026-05-07T18:00:00+03:00 North Carolina Man Pleads Guilty to Doxxing Supreme Court Justicesthreat-intel, data-breach, government https://shimiscyberworld.com/posts/telegram-1373735086-5020/ Shimi's Cyber World en 2026-05-07T17:37:59+03:00 Ransomware Groups Aggressively Target Healthcare Sector Globallydarkweb, threat-intel, ransomware, malware, darkfeed https://shimiscyberworld.com/posts/claude-code-oauth-tokens-can-be-stolen-through-stealthy-mcp-1mzs9/ Shimi's Cyber World en 2026-05-07T17:33:06+03:00 Claude Code OAuth Tokens Vulnerable to Stealthy MCP Hijackingthreat-intel, vulnerability, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-6795/ Shimi's Cyber World en 2026-05-07T17:16:04+03:00 DivvyDrive Open Redirect Vulnerability CVE-2026-6795 Rated Criticalvulnerability, cve, critical, high-severity, open-redirect, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-41685/ Shimi's Cyber World en 2026-05-07T17:16:03+03:00 CVE-2026-41685 — Incus is a system container and virtual machine manager.vulnerability, cve, medium-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41684/ Shimi's Cyber World en 2026-05-07T17:16:03+03:00 CVE-2026-41684 — Incus is a system container and virtual machine manager.vulnerability, cve, medium-severity, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-41647/ Shimi's Cyber World en 2026-05-07T17:16:03+03:00 CVE-2026-41647 — Incus is a system container and virtual machine manager.vulnerability, cve, medium-severity, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-41589/ Shimi's Cyber World en 2026-05-07T17:16:02+03:00 CVE-2026-41589: Critical Path Traversal in Wish SSH Server SCP Middlewarevulnerability, cve, critical, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41554/ Shimi's Cyber World en 2026-05-07T17:16:02+03:00 Bricks Builder Flaw: CVE-2026-41554 Exposes Websites to Reflected XSSvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41490/ Shimi's Cyber World en 2026-05-07T17:16:02+03:00 Dagster Orchestration Platform Vulnerable to SQL Injection via Dynamic Partitionsvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2025-14341/ Shimi's Cyber World en 2026-05-07T17:16:00+03:00 CVE-2025-14341: DivvyDrive Vulnerability Allows Excessive Allocation, Floodingvulnerability, cve, high-severity, cwe-770, cwe-915 https://shimiscyberworld.com/posts/one-click-total-shutdown-the-patient-zero-webinar-on-kil-imnwl/ Shimi's Cyber World en 2026-05-07T16:50:00+03:00 AI-Powered Phishing: The 'Patient Zero' Threat to Enterprise Securitythreat-intel, vulnerability, data-breach, the-hacker-news https://shimiscyberworld.com/posts/attackers-could-exploit-ai-vision-models-using-imperceptible-h4msp/ Shimi's Cyber World en 2026-05-07T16:45:53+03:00 Cisco Researchers Expose Pixel-Level Attacks on AI Vision Modelsthreat-intel, vulnerability, ai-security https://shimiscyberworld.com/posts/nvd-CVE-2026-6002/ Shimi's Cyber World en 2026-05-07T16:16:13+03:00 DivvyDrive XSS Vulnerability (CVE-2026-6002) Poses High Riskvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-80 https://shimiscyberworld.com/posts/nvd-CVE-2026-5791/ Shimi's Cyber World en 2026-05-07T16:16:13+03:00 DivvyDrive Critical CSRF Vulnerability: CVE-2026-5791 Poses Remote Attack Riskvulnerability, cve, critical, high-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-5784/ Shimi's Cyber World en 2026-05-07T16:16:13+03:00 DivvyDrive Stored XSS Vulnerability (CVE-2026-5784) Poses High Riskvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/ai-coding-agents-could-fuel-next-supply-chain-crisis-fmgkw/ Shimi's Cyber World en 2026-05-07T16:00:00+03:00 AI Coding Agents Fuel Next Supply Chain Crisis with 'TrustFall' Attacksthreat-intel, vulnerability, securityweek https://shimiscyberworld.com/posts/polish-intelligence-warns-hackers-attacked-water-treatment-c-ctbni/ Shimi's Cyber World en 2026-05-07T15:38:00+03:00 Polish Intelligence Warns of Attacks on Water Treatment Systemsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-6508/ Shimi's Cyber World en 2026-05-07T15:16:18+03:00 CVE-2026-6508: Liderahenk Origin Validation Error Allows Critical Accessvulnerability, cve, critical, high-severity, cwe-346 https://shimiscyberworld.com/posts/nvd-CVE-2026-42285/ Shimi's Cyber World en 2026-05-07T15:16:18+03:00 CVE-2026-42285: Critical GoBGP Flaw Allows Remote Crash via Malformed UPDATEvulnerability, cve, high-severity, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-42010/ Shimi's Cyber World en 2026-05-07T15:16:17+03:00 CVE-2026-42010: GnuTLS RSA-PSK NUL Byte Authentication Bypassvulnerability, cve, high-severity, authentication-bypass https://shimiscyberworld.com/posts/nvd-CVE-2026-41643/ Shimi's Cyber World en 2026-05-07T15:16:17+03:00 CVE-2026-41643: GoBGP Remote DoS Vulnerability Exposes Network Infrastructurevulnerability, cve, high-severity, denial-of-service, cwe-129 https://shimiscyberworld.com/posts/nvd-CVE-2026-41642/ Shimi's Cyber World en 2026-05-07T15:16:17+03:00 GoBGP DoS Vulnerability (CVE-2026-41642) Patched in Version 4.4.0vulnerability, cve, high-severity, denial-of-service, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-3953/ Shimi's Cyber World en 2026-05-07T15:16:16+03:00 CVE-2026-3953: Gosoft Proticaret E-Commerce XSS Vulnerabilityvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/cisa-kev-CVE-2026-6973/ Shimi's Cyber World en 2026-05-07T15:00:00+03:00 CVE-2026-6973 — Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/threatsday-bulletin-edge-plaintext-passwords-ics-0-days-p-7p25i/ Shimi's Cyber World en 2026-05-07T14:33:00+03:00 Old-School Attacks Still Win: Credential Dumps and Weak Defenses Plague 2026threat-intel, vulnerability, the-hacker-news https://shimiscyberworld.com/posts/nvd-CVE-2026-27415/ Shimi's Cyber World en 2026-05-07T14:15:59+03:00 CVE-2026-27415 — PluginUs.Net BEAR Vulnerabilityvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/telegram-1427288221-8889/ Shimi's Cyber World en 2026-05-07T14:09:25+03:00 MedusaLocker Ransomware Group Details Financial Motivation, Operational Shiftsisrael, telegram https://shimiscyberworld.com/posts/day-zero-readiness-the-operational-gaps-that-break-incident-h2q7a/ Shimi's Cyber World en 2026-05-07T13:54:00+03:00 Incident Response Retainers Aren't Readiness: The Operational Gapthreat-intel, vulnerability, the-hacker-news https://shimiscyberworld.com/posts/gemini-cli-vulnerability-could-have-led-to-code-execution-s-ite2y/ Shimi's Cyber World en 2026-05-07T13:39:34+03:00 Gemini CLI Vulnerability: Prompt Injection Leads to Code Executionthreat-intel, vulnerability, ai-security, tools, securityweek