https://shimiscyberworld.com/posts/nvd-CVE-2026-45158/ Shimi's Cyber World en 2026-05-14T01:16:46+03:00 OPNsense RCE: Critical Flaw Allows Root Access via DHCP Inputvulnerability, cve, critical, high-severity, remote-code-execution, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-44478/ Shimi's Cyber World en 2026-05-14T01:16:46+03:00 Hoppscotch CVE-2026-44478: Unauthenticated Infrastructure Secret Leakvulnerability, cve, high-severity, cwe-284, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-44471/ Shimi's Cyber World en 2026-05-14T01:16:46+03:00 CVE-2026-44471: gitoxide Symlink Vulnerability Exposes Filesystem to Attackvulnerability, cve, high-severity, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-44447/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 ERPNext SQL Injection (CVE-2026-44447) Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-44446/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 CVE-2026-44446: ERPNext SQL Injection Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-44442/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 ERPNext Critical Authorization Bypass (CVE-2026-44442)vulnerability, cve, critical, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44440/ Shimi's Cyber World en 2026-05-14T01:16:45+03:00 CVE-2026-44440 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-44426/ Shimi's Cyber World en 2026-05-14T01:16:44+03:00 CVE-2026-44426 — ShellHub is a centralized SSH gateway. Prior to 0.24.2, GETvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44424/ Shimi's Cyber World en 2026-05-14T01:16:44+03:00 CVE-2026-44424 — ShellHub is a centralized SSH gateway. Prior to 0.24.2, GETvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44423/ Shimi's Cyber World en 2026-05-14T01:16:44+03:00 CVE-2026-44423 — ShellHub is a centralized SSH gateway. Prior to 0.24.2, GETvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44194/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 OPNsense RCE: Critical Flaw Allows Root Access Via Malformed Email Addressvulnerability, cve, critical, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-44193/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 OPNsense RCE Vulnerability (CVE-2026-44193) Exposes Firewallsvulnerability, cve, critical, high-severity, remote-code-execution, cwe-88 https://shimiscyberworld.com/posts/nvd-CVE-2026-32993/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 CVE-2026-32993: Unauthenticated HTTP Header Injection Vulnerabilityvulnerability, cve, high-severity, cwe-93 https://shimiscyberworld.com/posts/nvd-CVE-2026-32992/ Shimi's Cyber World en 2026-05-14T01:16:43+03:00 CVE-2026-32992: DNS Cluster SSL Verification Disabled, High-Severity MiTM Riskvulnerability, cve, high-severity, cwe-295 https://shimiscyberworld.com/posts/nvd-CVE-2026-29205/ Shimi's Cyber World en 2026-05-14T01:16:42+03:00 CVE-2026-29205: Arbitrary File Read via cpdavd Endpointsvulnerability, cve, high-severity, arbitrary-file-access, cwe-250 https://shimiscyberworld.com/posts/iranian-hackers-targeted-major-south-korean-electronics-make-wxxy8/ Shimi's Cyber World en 2026-05-14T00:59:33+03:00 MuddyWater Targets South Korean Electronics Giant in Espionage Campaignthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-45714/ Shimi's Cyber World en 2026-05-14T00:16:50+03:00 CubeCart CVE-2026-45714: Authenticated RCE Via Template Injectionvulnerability, cve, critical, high-severity, cwe-94, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-45708/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CubeCart RCE (CVE-2026-45708) Allows Unauthenticated Remote Code Executionvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-45229/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 Quark Drive Mass Assignment Flaw Grants Admin Takeovervulnerability, cve, high-severity, cwe-915 https://shimiscyberworld.com/posts/nvd-CVE-2026-45228/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CVE-2026-45228 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-45055/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CVE-2026-45055: CubeCart Password Reset Flaw Leads to Account Takeovervulnerability, cve, high-severity, cwe-20, cwe-345, cwe-601, cwe-784 https://shimiscyberworld.com/posts/nvd-CVE-2026-45054/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CVE-2026-45054 — CubeCart is an ecommerce software solution. Prior to 6.7.0,vulnerability, cve, medium-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45053/ Shimi's Cyber World en 2026-05-14T00:16:49+03:00 CubeCart RCE: Critical Flaw Exposes E-commerce Stores to Webshellsvulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-44377/ Shimi's Cyber World en 2026-05-14T00:16:48+03:00 CVE-2026-44377: Critical RCE in CubeCart eCommerce Platformvulnerability, cve, critical, high-severity, remote-code-execution, cwe-94, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-44376/ Shimi's Cyber World en 2026-05-14T00:16:48+03:00 CVE-2026-44376 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-44373/ Shimi's Cyber World en 2026-05-14T00:16:48+03:00 CVE-2026-44373 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-42602/ Shimi's Cyber World en 2026-05-14T00:16:47+03:00 CVE-2026-42602: Azure Authenticator Extension Authentication Bypassvulnerability, cve, high-severity, authentication-bypass, cwe-208, cwe-287, cwe-290, cwe-294, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-42561/ Shimi's Cyber World en 2026-05-14T00:16:47+03:00 CVE-2026-42561: Python-Multipart DoS Vulnerability Patchedvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-42304/ Shimi's Cyber World en 2026-05-14T00:16:46+03:00 CVE-2026-42304: Twisted DNS DoS Freezes Servers with Chained Pointersvulnerability, cve, high-severity, denial-of-service, cwe-400, cwe-407 https://shimiscyberworld.com/posts/nvd-CVE-2026-39358/ Shimi's Cyber World en 2026-05-14T00:16:46+03:00 CubeCart SQLi Vulnerability (CVE-2026-39358) Exposes E-commerce Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-21821/ Shimi's Cyber World en 2026-05-14T00:16:41+03:00 HCL BigFix SCM Reporting Site Vulnerable to XSS via Outdated jQueryvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-1104 https://shimiscyberworld.com/posts/nvd-CVE-2026-44351/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 CVE-2026-44351: Critical fast-jwt Auth Bypass via Empty Keyvulnerability, cve, critical, high-severity, cwe-287, cwe-326, cwe-1391 https://shimiscyberworld.com/posts/nvd-CVE-2026-42552/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 CVE-2026-42552: Flight PHP Framework Leaks Critical Server Infovulnerability, cve, high-severity, path-traversal, cwe-209 https://shimiscyberworld.com/posts/nvd-CVE-2026-42551/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 Flight PHP Framework CVE-2026-42551: CSRF & Cache Poisoning Riskvulnerability, cve, high-severity, cwe-436 https://shimiscyberworld.com/posts/nvd-CVE-2026-42550/ Shimi's Cyber World en 2026-05-13T23:16:22+03:00 CVE-2026-42550: Flight PHP Framework SQL Injection Vulnerabilityvulnerability, cve, high-severity, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-42549/ Shimi's Cyber World en 2026-05-13T23:16:21+03:00 CVE-2026-42549 — Flight is an extensible micro-framework for PHP. Prior tovulnerability, cve, medium-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-33381/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33381 — When a user's access to mint tokens for a service accountvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-33380/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33380 — SQL Expressions Arbitrary File Accessvulnerability, cve, medium-severity, arbitrary-file-access https://shimiscyberworld.com/posts/nvd-CVE-2026-33378/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33378 — Using the $__timeGroup macro, one can achieve an OOM byvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-33377/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33377: Dashboard Privilege Escalation Vulnerabilityvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-33376/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-33376: IPv6 Auth Proxy Bypass Riskvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-28383/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-28383 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service https://shimiscyberworld.com/posts/nvd-CVE-2026-28380/ Shimi's Cyber World en 2026-05-13T23:16:20+03:00 CVE-2026-28380 — Any Editor could delete any snapshot, even if they have novulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-28379/ Shimi's Cyber World en 2026-05-13T23:16:19+03:00 CVE-2026-28379 — Race Conditionvulnerability, cve, medium-severity, race-condition https://shimiscyberworld.com/posts/nvd-CVE-2026-28376/ Shimi's Cyber World en 2026-05-13T23:16:19+03:00 CVE-2026-28376 — The Grafana Live push endpoint can be exploited to causevulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-28374/ Shimi's Cyber World en 2026-05-13T23:16:19+03:00 CVE-2026-28374 — Editors could delete any annotation, even those they do notvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-13T23:00:00+03:00 Daily Security Digest — 2026-05-13daily-digest, vulnerability, cve, critical, high-severity, cwe-328, cwe-648, remote-code-execution, cwe-502, cwe-88 https://shimiscyberworld.com/posts/alleged-dream-market-admin-arrested-in-germany-after-us-indi-6dx3x/ Shimi's Cyber World en 2026-05-13T22:54:00+03:00 Dream Market Admin Arrested in Germany After US Indictmentthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-8496/ Shimi's Cyber World en 2026-05-13T22:17:30+03:00 CVE-2026-8496 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss https://shimiscyberworld.com/posts/nvd-CVE-2026-42587/ Shimi's Cyber World en 2026-05-13T22:17:24+03:00 Netty DoS Vulnerability (CVE-2026-42587) Bypasses Decompression Limitsvulnerability, cve, high-severity, denial-of-service, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-42586/ Shimi's Cyber World en 2026-05-13T22:17:24+03:00 CVE-2026-42586 — Netty is an asynchronous, event-driven network applicationvulnerability, cve, medium-severity, cwe-93 https://shimiscyberworld.com/posts/nvd-CVE-2026-42585/ Shimi's Cyber World en 2026-05-13T22:17:24+03:00 CVE-2026-42585 — Netty is an asynchronous, event-driven network applicationvulnerability, cve, medium-severity, cwe-444 https://shimiscyberworld.com/posts/nvd-CVE-2026-42584/ Shimi's Cyber World en 2026-05-13T22:17:24+03:00 CVE-2026-42584: Netty HTTP/2 Handling Vulnerability Exposes Data Corruptionvulnerability, cve, high-severity, cwe-444 https://shimiscyberworld.com/posts/nvd-CVE-2026-42583/ Shimi's Cyber World en 2026-05-13T22:17:23+03:00 CVE-2026-42583: Netty Lz4FrameDecoder Vulnerability Exposes Apps to DoSvulnerability, cve, high-severity, cwe-400, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-42582/ Shimi's Cyber World en 2026-05-13T22:17:23+03:00 CVE-2026-42582: Netty QpackDecoder Vulnerability Exposes Apps to DoSvulnerability, cve, high-severity, cwe-770, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-42580/ Shimi's Cyber World en 2026-05-13T22:17:23+03:00 CVE-2026-42580 — Netty is an asynchronous, event-driven network applicationvulnerability, cve, medium-severity, cwe-190, cwe-444 https://shimiscyberworld.com/posts/nvd-CVE-2026-42579/ Shimi's Cyber World en 2026-05-13T22:17:23+03:00 Netty DNS Codec Vulnerability (CVE-2026-42579) Exposes Systems to High-Severity Attacksvulnerability, cve, high-severity, cwe-20, cwe-400, cwe-626 https://shimiscyberworld.com/posts/nvd-CVE-2026-42577/ Shimi's Cyber World en 2026-05-13T22:17:23+03:00 Netty CVE-2026-42577: Stale Connections Lead to 100% CPU Busy-Loopsvulnerability, cve, high-severity, cwe-772 https://shimiscyberworld.com/posts/nvd-CVE-2026-41255/ Shimi's Cyber World en 2026-05-13T22:17:22+03:00 CVE-2026-41255 — CKAN is an open-source DMS (data management system) forvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-33583/ Shimi's Cyber World en 2026-05-13T22:17:06+03:00 Arqit Symmetric Key Agreement Platform Exposes Critical Keys via HTTP GETvulnerability, cve, high-severity, cwe-749 https://shimiscyberworld.com/posts/nvd-CVE-2026-30906/ Shimi's Cyber World en 2026-05-13T22:17:05+03:00 Zoom Rooms Installer: High-Severity Privilege Escalation via Untrusted Pathvulnerability, cve, high-severity, cwe-426 https://shimiscyberworld.com/posts/nvd-CVE-2026-30905/ Shimi's Cyber World en 2026-05-13T22:17:05+03:00 Zoom Workplace VDI Plugin Vulnerability Allows Local Privilege Escalationvulnerability, cve, high-severity, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-22677/ Shimi's Cyber World en 2026-05-13T22:17:04+03:00 CVE-2026-22677 — The Session Import Endpoint That Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-45411/ Shimi's Cyber World en 2026-05-13T21:16:19+03:00 vm2 Sandbox Escape (CVE-2026-45411) Poses Critical RCE Riskvulnerability, cve, critical, high-severity, cwe-668 https://shimiscyberworld.com/posts/nvd-CVE-2026-45109/ Shimi's Cyber World en 2026-05-13T21:16:19+03:00 Next.js CVE-2026-45109: Middleware Bypass Via Turbopackvulnerability, cve, high-severity, cwe-288 https://shimiscyberworld.com/posts/nvd-CVE-2026-44579/ Shimi's Cyber World en 2026-05-13T21:16:18+03:00 Next.js Partial Prerendering Vulnerability: DoS via Connection Exhaustionvulnerability, cve, high-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-44578/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 Next.js SSRF via Crafted WebSocket Requests (CVE-2026-44578)vulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-44009/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 CVE-2026-44009: Critical vm2 Sandbox Escape Threatens Node.js Appsvulnerability, cve, critical, high-severity, cwe-668 https://shimiscyberworld.com/posts/nvd-CVE-2026-44008/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 CVE-2026-44008: Critical vm2 Sandbox Escape in Node.jsvulnerability, cve, critical, high-severity, cwe-668 https://shimiscyberworld.com/posts/nvd-CVE-2026-44007/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 vm2 Sandbox Escape (CVE-2026-44007) Allows Arbitrary OS Commandsvulnerability, cve, critical, high-severity, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-44006/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 vm2 Sandbox Escape (CVE-2026-44006) Poses Critical Threat to Node.jsvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44005/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 CVE-2026-44005: Critical vm2 Sandbox Escape Threatens Node.js Applicationsvulnerability, cve, critical, high-severity, cwe-94, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-44004/ Shimi's Cyber World en 2026-05-13T21:16:17+03:00 CVE-2026-44004: vm2 Sandbox Vulnerability Leads to Host Memory Exhaustionvulnerability, cve, high-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-44001/ Shimi's Cyber World en 2026-05-13T21:16:16+03:00 vm2 Sandbox Escape (CVE-2026-44001) Allows Host Node.js Process Crashvulnerability, cve, high-severity, cwe-248 https://shimiscyberworld.com/posts/nvd-CVE-2026-44000/ Shimi's Cyber World en 2026-05-13T21:16:16+03:00 CVE-2026-44000 — vm2 is an open source vm/sandbox for Node.js. Prior tovulnerability, cve, medium-severity, cwe-693 https://shimiscyberworld.com/posts/nvd-CVE-2026-43999/ Shimi's Cyber World en 2026-05-13T21:16:16+03:00 CVE-2026-43999: Critical vm2 Sandbox Bypass Leads to RCEvulnerability, cve, critical, high-severity, remote-code-execution, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-43998/ Shimi's Cyber World en 2026-05-13T21:16:16+03:00 CVE-2026-43998: vm2 Sandbox Bypass Leads to RCE in Node.jsvulnerability, cve, high-severity, remote-code-execution, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-43997/ Shimi's Cyber World en 2026-05-13T21:16:16+03:00 vm2 Sandbox Escape (CVE-2026-43997) Exposes Node.js Hostsvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/telegram-1542954397-4584/ Shimi's Cyber World en 2026-05-13T21:01:10+03:00 Google Documents First AI-Assisted 0-Day Exploit in the Wildvulnerability https://shimiscyberworld.com/posts/european-commission-head-pushes-creation-of-new-law-delaying-tx0e1/ Shimi's Cyber World en 2026-05-13T20:38:00+03:00 European Commission Pushes New Law to Delay Teen Social Media Accessthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-44577/ Shimi's Cyber World en 2026-05-13T20:16:23+03:00 CVE-2026-44577 — Next.js is a React framework for building full-stack webvulnerability, cve, medium-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-44576/ Shimi's Cyber World en 2026-05-13T20:16:23+03:00 CVE-2026-44576 — Next.js is a React framework for building full-stack webvulnerability, cve, medium-severity, cwe-436 https://shimiscyberworld.com/posts/nvd-CVE-2026-44575/ Shimi's Cyber World en 2026-05-13T20:16:22+03:00 Next.js App Router Flaw Bypasses Middleware Authorizationvulnerability, cve, high-severity, cwe-288 https://shimiscyberworld.com/posts/nvd-CVE-2026-44574/ Shimi's Cyber World en 2026-05-13T20:16:22+03:00 Next.js Middleware Bypass (CVE-2026-44574) Exposes Dynamic Routesvulnerability, cve, high-severity, cwe-288 https://shimiscyberworld.com/posts/nvd-CVE-2026-44573/ Shimi's Cyber World en 2026-05-13T20:16:22+03:00 Next.js Vulnerability Exposes Protected Data via Pages Routervulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-2695/ Shimi's Cyber World en 2026-05-13T20:16:19+03:00 CVE-2026-2695 — A command injection vulnerability was discovered invulnerability, cve, medium-severity, cwe-20 https://shimiscyberworld.com/posts/windows-bitlocker-zero-day-gives-access-to-protected-drives-ee66q/ Shimi's Cyber World en 2026-05-13T19:37:49+03:00 Microsoft BitLocker Zero-Day Exposes Protected Drivesthreat-intel, data-breach, malware, vulnerability, microsoft, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-6281/ Shimi's Cyber World en 2026-05-13T19:17:01+03:00 Lenovo Personal Cloud Storage RCE Vulnerability (CVE-2026-6281)vulnerability, cve, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-42930/ Shimi's Cyber World en 2026-05-13T19:16:49+03:00 BIG-IP Appliance Mode Bypass Vulnerability (CVE-2026-42930)vulnerability, cve, high-severity, cwe-35 https://shimiscyberworld.com/posts/nvd-CVE-2026-42924/ Shimi's Cyber World en 2026-05-13T19:16:49+03:00 CVE-2026-42924: F5 iControl SOAP Privilege Escalationvulnerability, cve, high-severity, privilege-escalation, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-42406/ Shimi's Cyber World en 2026-05-13T19:16:47+03:00 F5 BIG-IP, BIG-IQ CVE-2026-42406: Critical RCE for Privileged Attackersvulnerability, cve, high-severity, cwe-267 https://shimiscyberworld.com/posts/nvd-CVE-2026-42266/ Shimi's Cyber World en 2026-05-13T19:16:47+03:00 JupyterLab CVE-2026-42266: PyPI Extension Manager Bypassvulnerability, cve, high-severity, cwe-88, cwe-602 https://shimiscyberworld.com/posts/nvd-CVE-2026-41957/ Shimi's Cyber World en 2026-05-13T19:16:45+03:00 BIG-IP, BIG-IQ Configuration Utility RCE via Authenticated Accessvulnerability, cve, high-severity, remote-code-execution, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-41953/ Shimi's Cyber World en 2026-05-13T19:16:45+03:00 BIG-IP Privilege Escalation: CVE-2026-41953 Allows Resource Admin to Rootvulnerability, cve, high-severity, privilege-escalation, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-41225/ Shimi's Cyber World en 2026-05-13T19:16:44+03:00 CVE-2026-41225: Critical iControl REST Vulnerability Allows Arbitrary Command Executionvulnerability, cve, critical, high-severity, cwe-648 https://shimiscyberworld.com/posts/nvd-CVE-2026-40698/ Shimi's Cyber World en 2026-05-13T19:16:43+03:00 F5 BIG-IP, BIG-IQ Privilege Escalation: CVE-2026-40698vulnerability, cve, high-severity, privilege-escalation, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-40631/ Shimi's Cyber World en 2026-05-13T19:16:43+03:00 CVE-2026-40631: F5 iControl SOAP Privilege Escalationvulnerability, cve, high-severity, privilege-escalation, cwe-552 https://shimiscyberworld.com/posts/nvd-CVE-2026-40061/ Shimi's Cyber World en 2026-05-13T19:16:42+03:00 F5 BIG-IP DNS Vulnerability Allows Privilege Escalationvulnerability, cve, high-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-34176/ Shimi's Cyber World en 2026-05-13T19:16:39+03:00 CVE-2026-34176: High-Severity Command Injection in iControl REST Endpointvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-32673/ Shimi's Cyber World en 2026-05-13T19:16:39+03:00 F5 BIG-IP Scripted Monitors Allow High-Privilege Command Execution (CVE-2026-32673)vulnerability, cve, high-severity, cwe-250 https://shimiscyberworld.com/posts/nvd-CVE-2026-32643/ Shimi's Cyber World en 2026-05-13T19:16:39+03:00 F5 BIG-IP/BIG-IQ CVE-2026-32643: High-Privilege RCEvulnerability, cve, high-severity, cwe-250 https://shimiscyberworld.com/posts/nvd-CVE-2020-37168/ Shimi's Cyber World en 2026-05-13T19:16:31+03:00 Ecommerce Systempay 1.0 Critical Weak Crypto Vulnerability (CVE-2020-37168)vulnerability, cve, critical, high-severity, cwe-328 https://shimiscyberworld.com/posts/telegram-1542954397-4583/ Shimi's Cyber World en 2026-05-13T18:45:43+03:00 Microsoft BitLocker Bypass, Privilege Escalation Exploits Released on Patch Tuesdaymalware, vulnerability, microsoft https://shimiscyberworld.com/posts/telegram-1373735086-5030/ Shimi's Cyber World en 2026-05-13T18:15:19+03:00 The Gentleman Leads Ransomware Surge: 46 Attacks in 24 Hoursdarkweb, threat-intel, ransomware, malware, data-breach, darkfeed https://shimiscyberworld.com/posts/microsoft-fixes-windows-autopatch-bug-installing-restricted-jcyhx/ Shimi's Cyber World en 2026-05-13T17:36:09+03:00 Microsoft Autopatch Bug Deployed Restricted Drivers in EUthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/telegram-1427288221-8924/ Shimi's Cyber World en 2026-05-13T16:47:08+03:00 Israeli Cybersecurity Startups Dominate Global 'Rising In Cyber 2026' Listisrael https://shimiscyberworld.com/posts/microsoft-s-mdash-ai-system-finds-16-windows-flaws-fixed-in-xcu3c/ Shimi's Cyber World en 2026-05-13T16:46:02+03:00 Microsoft MDASH AI System Discovers 16 Windows Vulnerabilitiesthreat-intel, vulnerability, cloud, microsoft, ai-security https://shimiscyberworld.com/posts/azerbaijani-energy-firm-hit-by-repeated-microsoft-exchange-e-ljhot/ Shimi's Cyber World en 2026-05-13T16:00:00+03:00 FamousSparrow Expands Targeting, Hits Azerbaijani Energy Firm via Exchangethreat-intel, vulnerability, microsoft https://shimiscyberworld.com/posts/uk-moves-to-shield-security-researchers-in-cybercrime-law-ov-1nr9d/ Shimi's Cyber World en 2026-05-13T15:58:00+03:00 UK Reforms Cybercrime Law, Shields Security Researchersthreat-intel, data-breach, government https://shimiscyberworld.com/posts/microsoft-on-pace-to-break-annual-vulnerability-record-as-ai-d0h2b/ Shimi's Cyber World en 2026-05-13T15:54:00+03:00 Microsoft on Pace to Break Annual Vulnerability Recordthreat-intel, data-breach, government, vulnerability, microsoft https://shimiscyberworld.com/posts/government-to-scrutinize-instructure-over-canvas-disruption-q0yi6/ Shimi's Cyber World en 2026-05-13T15:13:14+03:00 Instructure Canvas Disruption Under Government Scrutinythreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/telegram-1542954397-4582/ Shimi's Cyber World en 2026-05-13T15:00:21+03:00 AI Code Analysis Tools: Reality Check on Mythos vs. Curl https://shimiscyberworld.com/posts/telegram-1427288221-8923/ Shimi's Cyber World en 2026-05-13T14:54:00+03:00 West Pharmaceutical Services Hit by Ransomware, Data Stolenisrael https://shimiscyberworld.com/posts/webinar-why-your-appsec-tools-miss-the-lethal-path-and-xizh2/ Shimi's Cyber World en 2026-05-13T14:52:43+03:00 AppSec Tools Miss 'Lethal Paths' to Data, Say Wiz and Okta/GitLabthreat-intel, vulnerability, cloud, tools https://shimiscyberworld.com/posts/most-remediation-programs-never-confirm-the-fix-actually-wor-1f9t0/ Shimi's Cyber World en 2026-05-13T14:30:00+03:00 Remediation Failure: Most Fixes Unconfirmed, Attackers Winthreat-intel, vulnerability https://shimiscyberworld.com/posts/716-000-impacted-by-openloop-health-data-breach-bf2jz/ Shimi's Cyber World en 2026-05-13T14:18:03+03:00 OpenLoop Health Data Breach Impacts 716,000 Patientsthreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/microsoft-patches-critical-zero-click-outlook-vulnerability-6u49r/ Shimi's Cyber World en 2026-05-13T13:33:46+03:00 Microsoft Outlook Zero-Click Vulnerability: A Critical Enterprise Threatthreat-intel, vulnerability, microsoft https://shimiscyberworld.com/posts/telegram-1427288221-8921/ Shimi's Cyber World en 2026-05-13T13:04:41+03:00 Password Insecurity: Israelis Mirror Global Trends, Neglecting Basic Hygieneisrael https://shimiscyberworld.com/posts/telegram-1427288221-8920/ Shimi's Cyber World en 2026-05-13T12:05:23+03:00 Pro-Iranian Group Claims eBay, Spotify Attacks, Citing Major Disruptionsisrael https://shimiscyberworld.com/posts/gemstuffer-abuses-150-rubygems-to-exfiltrate-scraped-u-k-c-ayhpb/ Shimi's Cyber World en 2026-05-13T11:08:54+03:00 GemStuffer Abuses RubyGems for Covert UK Council Data Exfiltrationthreat-intel, vulnerability, malware, the-hacker-news https://shimiscyberworld.com/posts/hundreds-of-malicious-packages-force-rubygems-to-suspend-reg-8k148/ Shimi's Cyber World en 2026-05-13T10:30:36+03:00 RubyGems Suspends Registrations After Malicious Package Floodthreat-intel, vulnerability https://shimiscyberworld.com/posts/telegram-1427288221-8919/ Shimi's Cyber World en 2026-05-13T10:02:10+03:00 Unusual Admin Logins, Data Exfiltration: The 2 AM SOC Gapisrael, cybersafe https://shimiscyberworld.com/posts/android-adds-intrusion-logging-for-sophisticated-spyware-for-gchn1/ Shimi's Cyber World en 2026-05-13T09:55:42+03:00 Android Adds Intrusion Logging for Spyware Forensicsthreat-intel, vulnerability https://shimiscyberworld.com/posts/canada-life-237-810-breached-accounts-hloh6/ Shimi's Cyber World en 2026-05-13T09:51:17+03:00 Canada Life Hit by ShinyHunters 'Pay or Leak' Extortiondata-breach, phishing, threat-intel, tools https://shimiscyberworld.com/posts/ics-patch-tuesday-new-security-advisories-from-siemens-sch-icslu/ Shimi's Cyber World en 2026-05-13T09:50:51+03:00 ICS Patch Tuesday: Siemens, Schneider, CISA Release Advisoriesthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/telegram-1427288221-8916/ Shimi's Cyber World en 2026-05-13T08:10:35+03:00 Akamai Reportedly in Advanced Talks to Acquire Israeli Startup LayerXisrael https://shimiscyberworld.com/posts/telegram-1427288221-8914/ Shimi's Cyber World en 2026-05-13T07:47:25+03:00 Microsoft Warns of Russian Wiper Malware Targeting Israel, Iranisrael, data-breach, identity, threat-intel https://shimiscyberworld.com/posts/telegram-1427288221-8912/ Shimi's Cyber World en 2026-05-13T07:43:08+03:00 Israel National Cyber Directorate Warns of Coordinated Psychological Operationsisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-8108/ Shimi's Cyber World en 2026-05-13T02:16:19+03:00 Fuji Tellus Driver Grants All Users Kernel R/W: CVE-2026-8108vulnerability, cve, high-severity, cwe-749 https://shimiscyberworld.com/posts/nvd-CVE-2026-5371/ Shimi's Cyber World en 2026-05-13T02:16:18+03:00 MonsterInsights WordPress Plugin Exposes Google OAuth Tokensvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-44548/ Shimi's Cyber World en 2026-05-13T02:16:18+03:00 ChurchCRM CVE-2026-44548: High-Severity CSRF Allows Silent Record Deletionvulnerability, cve, high-severity, cwe-352, cwe-650 https://shimiscyberworld.com/posts/nvd-CVE-2026-44547/ Shimi's Cyber World en 2026-05-13T02:16:18+03:00 CVE-2026-44547: ChurchCRM Critical Vulnerability Persists in 7.2.x Releasesvulnerability, cve, critical, high-severity, cwe-287, cwe-304 https://shimiscyberworld.com/posts/nvd-CVE-2026-44347/ Shimi's Cyber World en 2026-05-13T02:16:18+03:00 CVE-2026-44347 — Warpgate is an open source SSH, HTTPS and MySQL bastionvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-44341/ Shimi's Cyber World en 2026-05-13T02:16:18+03:00 CVE-2026-44341 — GoJobs is a REST API for a Job Board platform. Thevulnerability, cve, medium-severity, cwe-284, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44245/ Shimi's Cyber World en 2026-05-13T02:16:18+03:00 CVE-2026-44245 — Kyverno is a policy engine designed for cloud nativevulnerability, cve, medium-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-42289/ Shimi's Cyber World en 2026-05-13T02:16:17+03:00 ChurchCRM CVE-2026-42289: CSRF Allows Admin Account Creationvulnerability, cve, high-severity, cwe-269, cwe-306, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-42288/ Shimi's Cyber World en 2026-05-13T02:16:17+03:00 ChurchCRM RCE: Unpatched Setup Wizard Leaves Systems Exposedvulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41901/ Shimi's Cyber World en 2026-05-13T02:16:17+03:00 CVE-2026-41901: Critical Server-Side Template Injection in Thymeleafvulnerability, cve, critical, high-severity, cwe-917, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-1250/ Shimi's Cyber World en 2026-05-13T02:16:16+03:00 CVE-2026-1250: WordPress Court Booking Plugin SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2025-15463/ Shimi's Cyber World en 2026-05-13T02:16:15+03:00 CVE-2025-15463 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-8449/ Shimi's Cyber World en 2026-05-13T01:16:38+03:00 CVE-2026-8449: Linux ksmbd Heap Corruption Allows Remote Kernel RCEvulnerability, cve, high-severity, code-execution, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-45227/ Shimi's Cyber World en 2026-05-13T01:16:38+03:00 Heym Sandbox Escape Vulnerability (CVE-2026-45227) Allows Arbitrary Host Commandsvulnerability, cve, high-severity, cwe-693 https://shimiscyberworld.com/posts/nvd-CVE-2026-45225/ Shimi's Cyber World en 2026-05-13T01:16:37+03:00 Heym Path Traversal (CVE-2026-45225) Allows Arbitrary File Writesvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-44304/ Shimi's Cyber World en 2026-05-13T01:16:37+03:00 CVE-2026-44304: Lemur LDAP Auth Flaw Allows Privilege Escalationvulnerability, cve, high-severity, cwe-90 https://shimiscyberworld.com/posts/nvd-CVE-2026-44262/ Shimi's Cyber World en 2026-05-13T01:16:36+03:00 CVE-2026-44262: Critical RCE in Laravel Scramble API Docsvulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44260/ Shimi's Cyber World en 2026-05-13T01:16:36+03:00 CVE-2026-44260: efw4.X Readonly Flag Bypass Leads to File Modificationvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-44241/ Shimi's Cyber World en 2026-05-13T01:16:35+03:00 Micronaut Framework DoS Vulnerability (CVE-2026-44241) Risks Heap Exhaustionvulnerability, cve, high-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-44015/ Shimi's Cyber World en 2026-05-13T01:16:35+03:00 CVE-2026-44015: Nginx UI SSRF Bypasses Network Segmentationvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-43948/ Shimi's Cyber World en 2026-05-13T01:16:35+03:00 CVE-2026-43948: wger Workout Manager Critical Account Takeovervulnerability, cve, critical, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42855/ Shimi's Cyber World en 2026-05-13T01:16:35+03:00 CVE-2026-42855: arduino-esp32 Digest Auth Bypass Threatens IoT Securityvulnerability, cve, high-severity, cwe-287 https://shimiscyberworld.com/posts/nvd-CVE-2026-42854/ Shimi's Cyber World en 2026-05-13T01:16:34+03:00 CVE-2026-42854: Critical RCE in arduino-esp32 WebServervulnerability, cve, critical, high-severity, remote-code-execution, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-42544/ Shimi's Cyber World en 2026-05-13T01:16:34+03:00 Granian HTTP Server Vulnerability: Unauthenticated DoS via WebSocket Protocol Headervulnerability, cve, high-severity, cwe-20, cwe-248, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-40902/ Shimi's Cyber World en 2026-05-13T01:16:33+03:00 CVE-2026-40902: PhpSpreadsheet DoS Vulnerability Exploited with Malicious XLSXvulnerability, cve, high-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-40863/ Shimi's Cyber World en 2026-05-13T01:16:33+03:00 CVE-2026-40863: PhpSpreadsheet DoS Vulnerability Hits High Severityvulnerability, cve, high-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-26289/ Shimi's Cyber World en 2026-05-13T01:16:32+03:00 CVE-2026-26289: PowerSYSTEM Center REST API Exposes Admin Datavulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-44403/ Shimi's Cyber World en 2026-05-13T00:16:16+03:00 Wing FTP Server RCE (CVE-2026-44403) Allows Admin Lua Injectionvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-44246/ Shimi's Cyber World en 2026-05-13T00:16:16+03:00 CVE-2026-44246: nnU-Net Agentic Workflow Injection Puts GitHub Workflows at Riskvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-44240/ Shimi's Cyber World en 2026-05-13T00:16:16+03:00 CVE-2026-44240: basic-ftp Client-Side DoS Poses Risk to Node.js Applicationsvulnerability, cve, high-severity, denial-of-service, cwe-400, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-35504/ Shimi's Cyber World en 2026-05-13T00:16:15+03:00 CVE-2026-35504 — PowerSYSTEM Center email notification service is affectedvulnerability, cve, medium-severity, cwe-93 https://shimiscyberworld.com/posts/nvd-CVE-2026-7474/ Shimi's Cyber World en 2026-05-12T23:16:46+03:00 HashiCorp Nomad Code Execution (CVE-2026-7474) via Path Traversalvulnerability, cve, high-severity, code-execution, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-44225/ Shimi's Cyber World en 2026-05-12T23:16:43+03:00 CVE-2026-44225: Pulpy Packager Allows Arbitrary File Accessvulnerability, cve, critical, high-severity, arbitrary-file-access, cwe-22, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-44221/ Shimi's Cyber World en 2026-05-12T23:16:43+03:00 ArcadeDB Critical Vulnerability Bypasses Authorization Across Databasesvulnerability, cve, critical, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-42889/ Shimi's Cyber World en 2026-05-12T23:16:42+03:00 CVE-2026-42889: Relay Obsidian Server Authentication Bypass Criticalvulnerability, cve, critical, high-severity, authentication-bypass, cwe-639, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-34690/ Shimi's Cyber World en 2026-05-12T23:16:38+03:00 Adobe After Effects Stack-Based Buffer Overflow (CVE-2026-34690) Allows RCEvulnerability, cve, high-severity, code-execution, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-34686/ Shimi's Cyber World en 2026-05-12T23:16:38+03:00 Adobe Commerce Stored XSS Puts Low-Privilege Attackers in Control (CVE-2026-34686)vulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-34653/ Shimi's Cyber World en 2026-05-12T23:16:36+03:00 Adobe Commerce Path Traversal (CVE-2026-34653) Allows File System Read/Writevulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-34649/ Shimi's Cyber World en 2026-05-12T23:16:35+03:00 Adobe Commerce DoS Vulnerability (CVE-2026-34649) Puts E-commerce at Riskvulnerability, cve, high-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-34648/ Shimi's Cyber World en 2026-05-12T23:16:35+03:00 Adobe Commerce DoS Vulnerability: CVE-2026-34648 Puts E-Commerce at Riskvulnerability, cve, high-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-34646/ Shimi's Cyber World en 2026-05-12T23:16:35+03:00 Adobe Commerce Vulnerability Allows Unauthorized Write Accessvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-34645/ Shimi's Cyber World en 2026-05-12T23:16:35+03:00 Adobe Commerce CVE-2026-34645: Critical Auth Bypass Grants Write Accessvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-23827/ Shimi's Cyber World en 2026-05-12T23:16:31+03:00 CVE-2026-23827: Unauthenticated RCE in AOS-8 and AOS-10 Network Managementvulnerability, cve, high-severity, remote-code-execution https://shimiscyberworld.com/posts/nvd-CVE-2026-23826/ Shimi's Cyber World en 2026-05-12T23:16:31+03:00 AOS-8 Operating System Vulnerability Could Lead to DoSvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-23825/ Shimi's Cyber World en 2026-05-12T23:16:31+03:00 CVE-2026-23825: Unauthenticated DoS in AOS-8, AOS-10 Operating Systemsvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-23824/ Shimi's Cyber World en 2026-05-12T23:16:31+03:00 CVE-2026-23824: AOS-8 and AOS-10 Protocol Vulnerabilities Lead to DoSvulnerability, cve, high-severity https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-12T23:00:00+03:00 Daily Security Digest — 2026-05-12daily-digest, vulnerability, cve, critical, high-severity, cwe-287, cwe-522, cwe-798, path-traversal, cwe-22 https://shimiscyberworld.com/posts/foxconn-confirms-cyberattack-impacting-north-american-factor-cn1ao/ Shimi's Cyber World en 2026-05-12T22:57:00+03:00 Foxconn Confirms Cyberattack on North American Factoriesthreat-intel, data-breach, government https://shimiscyberworld.com/posts/congressman-launches-inquiry-into-how-food-retailers-use-sur-ardp7/ Shimi's Cyber World en 2026-05-12T22:47:00+03:00 Congress Probes Food Retailers Over Surveillance Pricing Practicesthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-8431/ Shimi's Cyber World en 2026-05-12T22:16:34+03:00 MongoDB Ops Manager RCE via Webhook Template Injection (CVE-2026-8431)vulnerability, cve, high-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-8430/ Shimi's Cyber World en 2026-05-12T22:16:34+03:00 CVE-2026-8430: SPIP RCE Limited to Nginx Configurationsvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-8429/ Shimi's Cyber World en 2026-05-12T22:16:34+03:00 SPIP RCE Vulnerability (CVE-2026-8429) Bypasses Security Protectionsvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-34684/ Shimi's Cyber World en 2026-05-12T22:16:31+03:00 CVE-2026-34684 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34683/ Shimi's Cyber World en 2026-05-12T22:16:31+03:00 CVE-2026-34683 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34682/ Shimi's Cyber World en 2026-05-12T22:16:31+03:00 Substance3D Designer Out-of-Bounds Write Allows RCEvulnerability, cve, high-severity, code-execution, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34681/ Shimi's Cyber World en 2026-05-12T22:16:31+03:00 Substance3D Designer RCE: Malicious File Opens Door to Arbitrary Code Executionvulnerability, cve, high-severity, code-execution, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-34664/ Shimi's Cyber World en 2026-05-12T22:16:31+03:00 CVE-2026-34664 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-34660/ Shimi's Cyber World en 2026-05-12T22:16:30+03:00 Adobe Connect Critical RCE: Incorrect Authorization Leads to Code Executionvulnerability, cve, critical, high-severity, code-execution, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-34659/ Shimi's Cyber World en 2026-05-12T22:16:30+03:00 Adobe Connect CVE-2026-34659: Critical RCE via Deserialization of Untrusted Datavulnerability, cve, critical, high-severity, code-execution, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-23823/ Shimi's Cyber World en 2026-05-12T22:16:29+03:00 AOS-10 AP Command Injection: CVE-2026-23823 Exposes Networksvulnerability, cve, high-severity, command-injection https://shimiscyberworld.com/posts/nvd-CVE-2026-23822/ Shimi's Cyber World en 2026-05-12T22:16:28+03:00 CVE-2026-23822 — The XML Handling Component Of AOS-8 DHCP Services Vulnerabilityvulnerability, cve, medium-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-23821/ Shimi's Cyber World en 2026-05-12T22:16:28+03:00 CVE-2026-23821: Aruba AOS-10 APs Vulnerable to RCEvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-23820/ Shimi's Cyber World en 2026-05-12T22:16:28+03:00 CVE-2026-23820: Aruba AOS-8/10 AP CLI Vulnerability Allows Arbitrary Command Executionvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-23819/ Shimi's Cyber World en 2026-05-12T22:16:28+03:00 AOS-10/AOS-8 Instant AP Vulnerability Allows Remote Code Executionvulnerability, cve, high-severity https://shimiscyberworld.com/posts/west-pharmaceutical-warns-of-ransomware-attack-impacting-bus-3kcdz/ Shimi's Cyber World en 2026-05-12T22:00:00+03:00 West Pharmaceutical Hit by Ransomware, Data Stolenthreat-intel, data-breach, government, malware, ransomware, microsoft https://shimiscyberworld.com/posts/microsoft-releases-windows-10-kb5087544-extended-security-up-brfsz/ Shimi's Cyber World en 2026-05-12T21:58:34+03:00 Microsoft Releases Windows 10 KB5087544 Extended Security Updatethreat-intel, data-breach, malware, vulnerability, microsoft, tools https://shimiscyberworld.com/posts/telegram-1542954397-4580/ Shimi's Cyber World en 2026-05-12T21:45:36+03:00 Free Online File Converters: A Malware and Data Theft Vectormalware, ransomware, tools https://shimiscyberworld.com/posts/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-for-eqslh/ Shimi's Cyber World en 2026-05-12T21:23:09+03:00 Fortinet Warns of Critical RCE Flaws in FortiSandbox and FortiAuthenticatorthreat-intel, data-breach, malware, vulnerability, cloud, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-44277/ Shimi's Cyber World en 2026-05-12T21:17:30+03:00 Fortinet FortiAuthenticator Critical Improper Access Control Vulnerabilityvulnerability, cve, critical, high-severity, improper-access-control, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-44196/ Shimi's Cyber World en 2026-05-12T21:17:29+03:00 Pingvin Share X Critical 2FA Bypass (CVE-2026-44196)vulnerability, cve, critical, high-severity, authentication-bypass, cwe-287, cwe-697 https://shimiscyberworld.com/posts/nvd-CVE-2026-44183/ Shimi's Cyber World en 2026-05-12T21:17:29+03:00 Cleanuparr CVE-2026-44183: Critical RCE via X-Forwarded-For Header Spoofingvulnerability, cve, critical, high-severity, cwe-290, cwe-348 https://shimiscyberworld.com/posts/nvd-CVE-2026-42898/ Shimi's Cyber World en 2026-05-12T21:17:26+03:00 Microsoft Dynamics 365 On-Premises Critical Code Injection (CVE-2026-42898)vulnerability, cve, critical, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-42833/ Shimi's Cyber World en 2026-05-12T21:17:25+03:00 Microsoft Dynamics 365 On-Premises Critical RCE via Unnecessary Privilegesvulnerability, cve, critical, high-severity, cwe-250 https://shimiscyberworld.com/posts/nvd-CVE-2026-42823/ Shimi's Cyber World en 2026-05-12T21:17:25+03:00 CVE-2026-42823: Critical Privilege Escalation in Azure Logic Appsvulnerability, cve, critical, high-severity, improper-access-control, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-42048/ Shimi's Cyber World en 2026-05-12T21:17:23+03:00 CVE-2026-42048: Langflow Path Traversal Exposes Servers to Arbitrary Deletionvulnerability, cve, critical, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41103/ Shimi's Cyber World en 2026-05-12T21:17:21+03:00 Microsoft SSO Plugin for Jira & Confluence Critical Auth Bypassvulnerability, cve, critical, high-severity, cwe-303 https://shimiscyberworld.com/posts/nvd-CVE-2026-41096/ Shimi's Cyber World en 2026-05-12T21:17:21+03:00 Microsoft Windows DNS Heap Overflow (CVE-2026-41096) Allows Remote Code Executionvulnerability, cve, critical, high-severity, buffer-overflow, cwe-122 https://shimiscyberworld.com/posts/nvd-CVE-2026-41089/ Shimi's Cyber World en 2026-05-12T21:17:20+03:00 CVE-2026-41089: Critical Netlogon RCE Threatens Windows Networksvulnerability, cve, critical, high-severity, buffer-overflow, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-40402/ Shimi's Cyber World en 2026-05-12T21:17:18+03:00 Windows Hyper-V Critical Privilege Escalation via Use-After-Freevulnerability, cve, critical, high-severity, use-after-free, cwe-416 https://shimiscyberworld.com/posts/nvd-CVE-2026-40379/ Shimi's Cyber World en 2026-05-12T21:17:16+03:00 CVE-2026-40379: Critical Azure Entra ID Spoofing Vulnerabilityvulnerability, cve, critical, high-severity, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-33117/ Shimi's Cyber World en 2026-05-12T21:17:04+03:00 Azure SDK Critical Vulnerability Allows Authentication Bypassvulnerability, cve, critical, high-severity, cwe-287, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-29204/ Shimi's Cyber World en 2026-05-12T21:16:51+03:00 CVE-2026-29204: Critical Client Area Vulnerability Exposes cPanel Accountsvulnerability, cve, critical, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-26083/ Shimi's Cyber World en 2026-05-12T21:16:39+03:00 Fortinet FortiSandbox Critical RCE: Unauthenticated Attackers Can Execute Commandsvulnerability, cve, critical, high-severity, cwe-862 https://shimiscyberworld.com/posts/windows-11-kb5089549-kb5087420-cumulative-updates-released-cpg9z/ Shimi's Cyber World en 2026-05-12T21:09:12+03:00 Microsoft Ships Windows 11 Cumulative Updates KB5089549 & KB5087420threat-intel, data-breach, malware, microsoft, tools https://shimiscyberworld.com/posts/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-da-3a4wi/ Shimi's Cyber World en 2026-05-12T21:08:06+03:00 Microsoft May 2026 Patch Tuesday: 120 Flaws, Critical RCEs in Officethreat-intel, data-breach, malware, vulnerability, cloud, microsoft https://shimiscyberworld.com/posts/microsoft-patches-137-vulnerabilities-pu5ap/ Shimi's Cyber World en 2026-05-12T21:07:39+03:00 Microsoft Patches 137 Vulnerabilities, Including Critical Azure, Windows Flawsthreat-intel, vulnerability, cloud, microsoft, identity https://shimiscyberworld.com/posts/exaforce-raises-125-million-for-agentic-soc-platform-adf9e/ Shimi's Cyber World en 2026-05-12T20:23:00+03:00 Exaforce Raises $125 Million for Agentic SOC Platformthreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-43993/ Shimi's Cyber World en 2026-05-12T20:16:21+03:00 CVE-2026-43993: JunoClaw AI Platform SSRF Vulnerabilityvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-43992/ Shimi's Cyber World en 2026-05-12T20:16:21+03:00 CVE-2026-43992: JunoClaw AI Exposes BIP-39 Seeds in Tool Callsvulnerability, cve, critical, high-severity, cwe-200, cwe-312, cwe-522, cwe-532 https://shimiscyberworld.com/posts/nvd-CVE-2026-43991/ Shimi's Cyber World en 2026-05-12T20:16:21+03:00 JunoClaw Command Bypass Vulnerability CVE-2026-43991 Poses High Riskvulnerability, cve, high-severity, cwe-78, cwe-184 https://shimiscyberworld.com/posts/nvd-CVE-2026-43990/ Shimi's Cyber World en 2026-05-12T20:16:20+03:00 CVE-2026-43990: JunoClaw Agentic AI Shell Injection Riskvulnerability, cve, high-severity, cwe-77, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-43989/ Shimi's Cyber World en 2026-05-12T20:16:20+03:00 CVE-2026-43989: JunoClaw Agentic AI Exposes Filesystem to Agentsvulnerability, cve, high-severity, cwe-20, cwe-22, cwe-59, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-25431/ Shimi's Cyber World en 2026-05-12T20:16:20+03:00 CVE-2026-25431 — WPMU DEV Hustle Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/european-countries-are-exporting-surveillance-tech-to-countr-pws9y/ Shimi's Cyber World en 2026-05-12T19:49:00+03:00 EU Surveillance Tech Exports Undermine Human Rights, Report Findsthreat-intel, data-breach, government, tools https://shimiscyberworld.com/posts/adobe-patches-52-vulnerabilities-in-10-products-ebs9h/ Shimi's Cyber World en 2026-05-12T19:47:21+03:00 Adobe Patches 52 Vulnerabilities Across 10 Productsthreat-intel, vulnerability, cloud https://shimiscyberworld.com/posts/new-exim-bdat-vulnerability-exposes-gnutls-builds-to-potenti-580ue/ Shimi's Cyber World en 2026-05-12T19:44:00+03:00 Exim BDAT Vulnerability (CVE-2026-45185) Exposes GnuTLS Builds to RCEthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-8111/ Shimi's Cyber World en 2026-05-12T18:16:18+03:00 Ivanti Endpoint Manager RCE via SQL Injection (CVE-2026-8111)vulnerability, cve, high-severity, remote-code-execution, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-8110/ Shimi's Cyber World en 2026-05-12T18:16:17+03:00 Ivanti Endpoint Manager Privilege Escalation (CVE-2026-8110)vulnerability, cve, high-severity, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-8109/ Shimi's Cyber World en 2026-05-12T18:16:17+03:00 CVE-2026-8109 — An exposed dangerous method on the Core Server of Ivantivulnerability, cve, medium-severity, cwe-749 https://shimiscyberworld.com/posts/nvd-CVE-2026-8051/ Shimi's Cyber World en 2026-05-12T18:16:17+03:00 Ivanti Virtual Traffic Manager RCE via OS Command Injectionvulnerability, cve, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-8043/ Shimi's Cyber World en 2026-05-12T18:16:17+03:00 Ivanti Xtraction Critical Vulnerability Allows Remote File Manipulationvulnerability, cve, critical, high-severity, information-disclosure, cwe-73 https://shimiscyberworld.com/posts/nvd-CVE-2026-7432/ Shimi's Cyber World en 2026-05-12T18:16:17+03:00 Ivanti Secure Access Client: Local Privilege Escalation via Race Condition (CVE-2026-7432)vulnerability, cve, high-severity, race-condition, cwe-362 https://shimiscyberworld.com/posts/nvd-CVE-2026-7431/ Shimi's Cyber World en 2026-05-12T18:16:16+03:00 CVE-2026-7431 — An incorrect permission assignment for critical resource ofvulnerability, cve, medium-severity, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-5061/ Shimi's Cyber World en 2026-05-12T18:16:16+03:00 CVE-2026-5061 — The consul-template library before version 0.42.0 isvulnerability, cve, medium-severity, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-43939/ Shimi's Cyber World en 2026-05-12T18:16:15+03:00 CVE-2026-43939: YAF.NET Cross-Site Scripting Vulnerabilityvulnerability, cve, high-severity, cwe-79, cwe-80, cwe-116 https://shimiscyberworld.com/posts/nvd-CVE-2026-43938/ Shimi's Cyber World en 2026-05-12T18:16:15+03:00 YetAnotherForum.NET XSS via User-Agent Logging (CVE-2026-43938)vulnerability, cve, high-severity, cwe-79, cwe-80, cwe-116 https://shimiscyberworld.com/posts/nvd-CVE-2026-43937/ Shimi's Cyber World en 2026-05-12T18:16:15+03:00 YetAnotherForum.NET Vulnerability Allows Arbitrary SQL Execution by Low-Privileged Usersvulnerability, cve, high-severity, cwe-89, cwe-841 https://shimiscyberworld.com/posts/nvd-CVE-2026-42260/ Shimi's Cyber World en 2026-05-12T18:16:15+03:00 CVE-2026-42260: Open-WebSearch SSRF Exposes Internal Networksvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/rubygems-suspends-new-signups-after-hundreds-of-malicious-pa-enjvb/ Shimi's Cyber World en 2026-05-12T17:47:00+03:00 RubyGems Suspends Signups After Hundreds of Malicious Packages Uploadedthreat-intel, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-45091/ Shimi's Cyber World en 2026-05-12T17:17:08+03:00 CVE-2026-45091: Critical Secret Exposure in sealed-env Libraryvulnerability, cve, critical, high-severity, cwe-200, cwe-522 https://shimiscyberworld.com/posts/nvd-CVE-2026-42006/ Shimi's Cyber World en 2026-05-12T17:17:04+03:00 CVE-2026-42006 — An attacker can cause uncontrolled memory usage withvulnerability, cve, medium-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-40638/ Shimi's Cyber World en 2026-05-12T17:17:04+03:00 CVE-2026-40638 — Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0,vulnerability, cve, medium-severity, cwe-250 https://shimiscyberworld.com/posts/nvd-CVE-2026-40016/ Shimi's Cyber World en 2026-05-12T17:17:03+03:00 CVE-2026-40016 — Attacker can upload a malicious Sieve script overvulnerability, cve, medium-severity, cwe-400 https://shimiscyberworld.com/posts/nvd-CVE-2026-35071/ Shimi's Cyber World en 2026-05-12T17:17:02+03:00 Dell PowerScale InsightIQ Vulnerability Allows OS Command Injectionvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-33603/ Shimi's Cyber World en 2026-05-12T17:17:01+03:00 CVE-2026-33603 — Attacker can use a specially crafted base64 exchangevulnerability, cve, medium-severity, cwe-99 https://shimiscyberworld.com/posts/nvd-CVE-2026-27851/ Shimi's Cyber World en 2026-05-12T17:16:56+03:00 CVE-2026-27851: Safe Filter Bug Enables SQL/LDAP Injectionvulnerability, cve, high-severity, cwe-235 https://shimiscyberworld.com/posts/telegram-1542954397-4579/ Shimi's Cyber World en 2026-05-12T17:15:10+03:00 Mini Shai-Hulud Campaign Hits TanStack, UiPath, Mistral AI via npm/PyPItools https://shimiscyberworld.com/posts/instructure-pays-ransom-after-canvas-incident-as-congress-an-2yd1e/ Shimi's Cyber World en 2026-05-12T16:01:00+03:00 Instructure Pays Ransom After Canvas Breach; Congress Investigatesthreat-intel, data-breach, government, ransomware https://shimiscyberworld.com/posts/west-pharmaceutical-services-hit-by-disruptive-ransomware-at-p0rz4/ Shimi's Cyber World en 2026-05-12T15:59:49+03:00 West Pharmaceutical Services Hit by Disruptive Ransomware Attackthreat-intel, vulnerability, malware, ransomware https://shimiscyberworld.com/posts/new-trickmo-variant-uses-ton-c2-and-socks5-to-create-android-2pj1a/ Shimi's Cyber World en 2026-05-12T15:50:00+03:00 TrickMo Android Trojan Leverages TON for C2 and SOCKS5 Pivotsthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/webinar-what-the-riskiest-soc-alerts-go-unanswered-and-ho-x4eec/ Shimi's Cyber World en 2026-05-12T14:58:00+03:00 Unanswered SOC Alerts: WAF, DLP, OT/IoT Signals Left Uninvestigatedthreat-intel, vulnerability https://shimiscyberworld.com/posts/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-n-iu4sj/ Shimi's Cyber World en 2026-05-12T14:29:36+03:00 Shai Hulud Malware Compromises TanStack, Mistral npm Packages in Supply Chain Attackthreat-intel, data-breach, malware https://shimiscyberworld.com/posts/nvd-CVE-2026-45218/ Shimi's Cyber World en 2026-05-12T14:16:21+03:00 CVE-2026-45218: WP Travel Blind SQL Injection Puts User Data at Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45215/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 CVE-2026-45215 — Saad Iqbal WP EasyPay Wp-Easy-Pay Vulnerabilityvulnerability, cve, medium-severity, cwe-201 https://shimiscyberworld.com/posts/nvd-CVE-2026-45214/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 Xpro Elementor Addons SQL Injection (CVE-2026-45214) Poses High Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45213/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 BEAR Woo-Bulk-Editor SQLi Puts WooCommerce Stores at Riskvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45212/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 CVE-2026-45212 — Gabe Livan Asset CleanUp: Page Speed Booster Wp-Asset-Clean- Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-45211/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 APIExperts Square for WooCommerce SQLi (CVE-2026-45211) Exposes E-commerce Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-45210/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 CVE-2026-45210 — Broadstreet Broadstreet Ads Broadstreet Vulnerabilityvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-42742/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 Aman Views for WPForms Vulnerability Allows Blind SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-42741/ Shimi's Cyber World en 2026-05-12T14:16:20+03:00 Ninja Forms Views Blind SQL Injection (CVE-2026-42741) — High Severityvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-41713/ Shimi's Cyber World en 2026-05-12T14:16:19+03:00 CVE-2026-41713: High-Severity AI Model Manipulation Vulnerabilityvulnerability, cve, high-severity, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-41712/ Shimi's Cyber World en 2026-05-12T14:16:19+03:00 Spring AI Chat Memory Vulnerability Exposes User Datavulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-2465/ Shimi's Cyber World en 2026-05-12T14:16:19+03:00 Turboard FOR-S Privilege Escalation via Incorrect Authorization (CVE-2026-2465)vulnerability, cve, high-severity, privilege-escalation, cwe-863 https://shimiscyberworld.com/posts/sap-fixes-critical-vulnerabilities-in-commerce-cloud-and-s-4-p44lq/ Shimi's Cyber World en 2026-05-12T14:04:55+03:00 SAP Patches Critical Flaws in Commerce Cloud and S/4HANAthreat-intel, data-breach, malware, cloud, tools https://shimiscyberworld.com/posts/why-agentic-ai-is-security-s-next-blind-spot-5dlko/ Shimi's Cyber World en 2026-05-12T13:30:00+03:00 Agentic AI: Security's Next Blind Spot Already in Productionthreat-intel, vulnerability, the-hacker-news https://shimiscyberworld.com/posts/nvd-CVE-2026-6001/ Shimi's Cyber World en 2026-05-12T13:16:48+03:00 CVE-2026-6001: ABIS BAPSİS Authorization Bypass Exposes Trusted Identifiersvulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-44412/ Shimi's Cyber World en 2026-05-12T13:16:46+03:00 Solid Edge SE2026 Vulnerability Allows Code Execution via PAR Filesvulnerability, cve, high-severity, stack-based-buffer-overflow, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-44411/ Shimi's Cyber World en 2026-05-12T13:16:46+03:00 Solid Edge SE2026 Vulnerability Allows Code Execution via PAR Filesvulnerability, cve, high-severity, cwe-824 https://shimiscyberworld.com/posts/nvd-CVE-2026-41551/ Shimi's Cyber World en 2026-05-12T13:16:46+03:00 CVE-2026-41551: Critical Path Traversal in ROS# Exposes Arbitrary Filesvulnerability, cve, critical, high-severity, path-traversal, cwe-23 https://shimiscyberworld.com/posts/nvd-CVE-2026-33893/ Shimi's Cyber World en 2026-05-12T13:16:45+03:00 CVE-2026-33893: Siemens Teamcenter Hardcoded Key Exposes Unauthorized Accessvulnerability, cve, high-severity, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-27662/ Shimi's Cyber World en 2026-05-12T13:16:45+03:00 CVE-2026-27662: Control Panel Exposes Web Browser, High Severityvulnerability, cve, high-severity, cwe-1188 https://shimiscyberworld.com/posts/nvd-CVE-2026-25787/ Shimi's Cyber World en 2026-05-12T13:16:44+03:00 CVE-2026-25787: Critical XSS in Motion Control Diagnosticsvulnerability, cve, critical, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-25786/ Shimi's Cyber World en 2026-05-12T13:16:44+03:00 CVE-2026-25786: Critical XSS in PLC/Station Name Fieldvulnerability, cve, critical, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-22925/ Shimi's Cyber World en 2026-05-12T13:16:44+03:00 SIMATIC CN 4100 DoS Vulnerability: CVE-2026-22925 Poses High Riskvulnerability, cve, high-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-22924/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 SIMATIC CN 4100 Critical Vulnerability: Unauthenticated Resource Exhaustionvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2025-6577/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 Akilli Commerce E-Commerce Website SQLi Vulnerability (CVE-2025-6577)vulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2025-40949/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 CVE-2025-40949: Critical RUGGEDCOM ROX Command Injectionvulnerability, cve, critical, high-severity, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2025-40947/ Shimi's Cyber World en 2026-05-12T13:16:43+03:00 RUGGEDCOM ROX RCE via Feature Key Installation (CVE-2025-40947)vulnerability, cve, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2025-40946/ Shimi's Cyber World en 2026-05-12T13:16:42+03:00 CVE-2025-40946: KACO new energy Inverter Credential Derivation Flawvulnerability, cve, high-severity, cwe-321 https://shimiscyberworld.com/posts/nvd-CVE-2025-40833/ Shimi's Cyber World en 2026-05-12T13:16:41+03:00 CVE-2025-40833: IPv4 Null Pointer Dereference Triggers DoSvulnerability, cve, high-severity, denial-of-service, cwe-476 https://shimiscyberworld.com/posts/nvd-CVE-2026-7661/ Shimi's Cyber World en 2026-05-12T12:16:58+03:00 CVE-2026-7661 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-7659/ Shimi's Cyber World en 2026-05-12T12:16:57+03:00 CVE-2026-7659 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6913/ Shimi's Cyber World en 2026-05-12T12:16:56+03:00 CVE-2026-6913 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6690/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 LifePress Plugin XSS: Unauthenticated Attackers Inject Malicious Scriptsvulnerability, cve, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6256/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-6256 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6247/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-6247 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-6237/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-6237 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5715/ Shimi's Cyber World en 2026-05-12T12:16:55+03:00 CVE-2026-5715 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5340/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-5340 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5028/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-5028 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-4920/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-4920 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-4859/ Shimi's Cyber World en 2026-05-12T12:16:54+03:00 CVE-2026-4859 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-39432/ Shimi's Cyber World en 2026-05-12T12:16:40+03:00 CVE-2026-39432: Timetics Plugin Missing Authorization Exposes Access Controlsvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-2993/ Shimi's Cyber World en 2026-05-12T12:16:40+03:00 WordPress AIWU Plugin SQLi: Unauthenticated Data Extractionvulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-2300/ Shimi's Cyber World en 2026-05-12T12:16:39+03:00 CVE-2026-2300 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/mini-shai-hulud-worm-compromises-tanstack-mistral-ai-guard-k2810/ Shimi's Cyber World en 2026-05-12T11:50:00+03:00 Mini Shai-Hulud Worm Hits TanStack, Mistral AI, Guardrails AI Packagesthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/instructure-reaches-ransom-agreement-with-shinyhunters-to-st-xfe90/ Shimi's Cyber World en 2026-05-12T10:37:00+03:00 Instructure Reaches Ransom Agreement with ShinyHunters to Stop Canvas Leakthreat-intel, vulnerability, ransomware, data-breach, microsoft https://shimiscyberworld.com/posts/nvd-CVE-2026-1681/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-1681 — Issuing an ICMP ping via the `net ping` shell command to avulnerability, cve, medium-severity, cwe-674 https://shimiscyberworld.com/posts/nvd-CVE-2026-1185/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-1185 — Code Executionvulnerability, cve, medium-severity, code-execution, cwe-732 https://shimiscyberworld.com/posts/nvd-CVE-2026-0804/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-0804 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-35 https://shimiscyberworld.com/posts/nvd-CVE-2026-0802/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-0802 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-1287 https://shimiscyberworld.com/posts/nvd-CVE-2026-0541/ Shimi's Cyber World en 2026-05-12T10:16:09+03:00 CVE-2026-0541 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-732 https://shimiscyberworld.com/posts/cushman-wakefield-310-431-breached-accounts-ak8xd/ Shimi's Cyber World en 2026-05-12T09:58:16+03:00 Cushman & Wakefield Suffers ShinyHunters Data Extortion, 310K Accounts Breacheddata-breach, threat-intel https://shimiscyberworld.com/posts/openai-launches-daybreak-for-ai-powered-vulnerability-detect-sfxld/ Shimi's Cyber World en 2026-05-12T09:55:00+03:00 OpenAI Launches Daybreak for AI-Powered Vulnerability Detectionthreat-intel, vulnerability, ai-security https://shimiscyberworld.com/posts/nvd-CVE-2026-41872/ Shimi's Cyber World en 2026-05-12T09:16:09+03:00 CVE-2026-41872: Kura Sushi App Vulnerable to MITM via Improper Certificate Validationvulnerability, cve, high-severity, cwe-295 https://shimiscyberworld.com/posts/ios-26-5-brings-default-end-to-end-encrypted-rcs-messaging-b-69skb/ Shimi's Cyber World en 2026-05-12T08:18:00+03:00 Apple iOS 26.5 Brings End-to-End Encrypted RCS Messagingthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/telegram-1707304340-2315/ Shimi's Cyber World en 2026-05-12T08:03:16+03:00 SMS-Based Disinformation Campaign Targets Mobile Usersisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-7287/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 Zyxel NWA1100-N Firmware DoS: CVE-2026-7287 Buffer Overflowvulnerability, cve, high-severity, buffer-overflow, cwe-120 https://shimiscyberworld.com/posts/nvd-CVE-2026-7257/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 CVE-2026-7257 — The Configuration File Of Zyxel WRE6505 Vulnerabilityvulnerability, cve, medium-severity, cwe-922 https://shimiscyberworld.com/posts/nvd-CVE-2026-7256/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 Zyxel WRE6505 v2: High-Severity Command Injection Vulnerabilityvulnerability, cve, high-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-7255/ Shimi's Cyber World en 2026-05-12T07:16:29+03:00 CVE-2026-7255 — The Web Management Interface Of Zyxel WRE6505 Vulnerabilityvulnerability, cve, medium-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-45430/ Shimi's Cyber World en 2026-05-12T07:16:28+03:00 CVE-2026-45430: Backdrop CMS Salesforce Module CSRF Riskvulnerability, cve, high-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-40137/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40137 — SAP TAF_APPLAUNCHER within Business Server Pages allows anvulnerability, cve, medium-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-40136/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40136 — SAP Financial Consolidation allows an authenticatedvulnerability, cve, medium-severity, cwe-404 https://shimiscyberworld.com/posts/nvd-CVE-2026-40135/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40135 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-40134/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40134 — Due to insufficient authorization checks in the SAPvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40133/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40133 — Due to missing authorization check in SAP S/4HANA Conditionvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40132/ Shimi's Cyber World en 2026-05-12T06:16:12+03:00 CVE-2026-40132 — Due to missing authorization check in SAP Strategicvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40129/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 CVE-2026-40129 — SAP Application Server ABAP For SAP NetWeaver And ABAP Platf Vulnerabilityvulnerability, cve, medium-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-34263/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 SAP Commerce Cloud: Critical RCE via Spring Security Misconfigurationvulnerability, cve, critical, high-severity, code-execution, cwe-459 https://shimiscyberworld.com/posts/nvd-CVE-2026-34260/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 SAP S/4HANA SQLi: Critical Flaw Exposes Data, Risks Availabilityvulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-34259/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 SAP Forecasting & Replenishment OS Command Execution (CVE-2026-34259)vulnerability, cve, high-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-34258/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 CVE-2026-34258 — SAPUI5 (Search UI) allows an unauthenticated attacker tovulnerability, cve, medium-severity, cwe-451 https://shimiscyberworld.com/posts/nvd-CVE-2026-27682/ Shimi's Cyber World en 2026-05-12T06:16:11+03:00 CVE-2026-27682 — SAP NetWeaver Application Server ABAP (Applications Based On Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-0502/ Shimi's Cyber World en 2026-05-12T06:16:10+03:00 CVE-2026-0502 — Due to insufficient CSRF protection in SAP BusinessObjectsvulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-45321/ Shimi's Cyber World en 2026-05-12T04:16:46+03:00 CVE-2026-45321: TanStack npm Packages Hit by Critical Supply Chain Attackvulnerability, cve, critical, high-severity, cwe-506 https://shimiscyberworld.com/posts/nvd-CVE-2026-8349/ Shimi's Cyber World en 2026-05-12T03:17:03+03:00 CVE-2026-8349 — Omec-Project Amf Vulnerabilityvulnerability, cve, medium-severity, cwe-119 https://shimiscyberworld.com/posts/nvd-CVE-2026-8346/ Shimi's Cyber World en 2026-05-12T03:17:03+03:00 CVE-2026-8346 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-8345/ Shimi's Cyber World en 2026-05-12T02:20:22+03:00 CVE-2026-8345 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-43914/ Shimi's Cyber World en 2026-05-12T02:20:22+03:00 Vaultwarden CVE-2026-43914: Brute-Force Bypass via 2FA Emailvulnerability, cve, high-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-43913/ Shimi's Cyber World en 2026-05-12T02:20:22+03:00 Vaultwarden CVE-2026-43913: Unconfirmed Owners Can Purge Vaultsvulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-43912/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 Vaultwarden CVE-2026-43912 Allows Org Data Access via Group Management Flawvulnerability, cve, high-severity, cwe-285 https://shimiscyberworld.com/posts/nvd-CVE-2026-43911/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43911 — Vaultwarden is a Bitwarden-compatible server written invulnerability, cve, medium-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-43901/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43901 — Wireshark MCP is an MCP Server that turns tshark into avulnerability, cve, medium-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-43900/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43900: DeepChat XSS Bypass Threatens AI Implementationsvulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-43899/ Shimi's Cyber World en 2026-05-12T02:20:21+03:00 CVE-2026-43899: DeepChat RCE Via Incomplete Patch for External Protocol Executionvulnerability, cve, critical, high-severity, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-34963/ Shimi's Cyber World en 2026-05-12T02:19:47+03:00 CVE-2026-34963: barebox EFI PE Loader Memory Safety Flawsvulnerability, cve, high-severity, code-execution, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-34962/ Shimi's Cyber World en 2026-05-12T02:19:47+03:00 CVE-2026-34962 — barebox version prior to 2026.04.0 contains avulnerability, cve, medium-severity, cwe-835