cyberintel.kalymoon.com · 32314 articles · updated every 4 hours · grows forever
A vulnerability, which was classified as problematic , was found in its-a-feature Mythic . Affected is the function c2profile_config_check_webhook/c2profile_redirect_rules_webhook/c2profile_get_ioc_we…
A vulnerability has been found in Yunai ruoyi-vue-pro up to 2026.05 and classified as critical . Affected by this vulnerability is an unknown functionality. This manipulation causes incorrect authoriz…
A vulnerability was found in its-a-feature Mythic and classified as problematic . Affected by this issue is some unknown functionality of the component Configuration Handler . Such manipulation leads …
A vulnerability was found in Papermark up to 0.22.0 . It has been classified as problematic . This affects an unknown part of the component TUS-based Viewer Upload Endpoint . Performing a manipulation…
A vulnerability was found in HiEventsDev Hi.Events up to 1.9.0 . It has been declared as problematic . This vulnerability affects unknown code. Executing a manipulation can lead to time-of-check time-…
A vulnerability was found in Yunai ruoyi-vue-pro up to 2026.05 . It has been rated as problematic . This issue affects some unknown processing of the file /admin-api/crm/follow-up-record/get of the co…
A vulnerability categorized as problematic has been discovered in its-a-feature Mythic . Impacted is an unknown function. The manipulation results in incorrect authorization. This vulnerability is ide…
A vulnerability identified as problematic has been detected in yahoo elide up to 7.1.17 . The affected element is an unknown function of the component Expressions Handler . This manipulation causes mi…
A vulnerability labeled as problematic has been found in iv-org Invidious up to 25.x . The impacted element is an unknown function of the component RSS Feed Playlist Endpoint . Such manipulation leads…
A vulnerability marked as problematic has been reported in PhotoPrism . This affects an unknown function of the component PUT Users API Endpoint . Performing a manipulation results in authorization by…
A vulnerability described as problematic has been identified in signoz up to 0.130.1 . This impacts an unknown function of the component Organization Handler . Executing a manipulation can lead to aut…
A vulnerability classified as problematic has been found in HiEventsDev Hi.Events up to 1.9.0 . Affected is an unknown function of the file /api/public/check-in-lists . The manipulation leads to expos…
A vulnerability classified as problematic was found in inovector mixpost up to 2.6.0 . Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. Thi…
A vulnerability, which was classified as critical , has been found in pinpoint-apm pinpoint up to 3.1.0 . Affected by this issue is some unknown functionality of the component Webhook Registration End…
A vulnerability, which was classified as critical , was found in signoz up to 0.130.1 . This affects the function url . Such manipulation leads to sql injection. This vulnerability is traded as CVE-20…
A vulnerability has been found in pinpoint-apm pinpoint up to 3.1.0 and classified as problematic . This vulnerability affects unknown code of the component Session Cookie Handler . Performing a manip…
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension…
Federal Investment Shifts From Research Toward Implementation The Office of Management and Budget has issued a detailed road map requiring agencies to begin post-quantum cryptography implementation im…
Thousands of Victims Tricked Into Giving Attackers Account Access, Say Officials Russian military hackers, foiled by end-to-end encryption in Signal and WhatsApp, have compromised thousands of people …
Model Context Protocol Rewrite Leaves More Security Decisions to Developers The new MCP specifications fix a long-standing weakness in how AI agents authenticate to external tools, but security expert…
Threat actors are actively exploiting CVE-2026-46817, a critical unauthenticated remote takeover vulnerability in Oracle E-Business Suite (EBS), with live attack activity captured across honeypot infr…
A public proof-of-concept (PoC) exploit has been released for CVE-2026-20251, a high-severity remote code execution (RCE) vulnerability affecting Splunk Secure Gateway (SSG). The flaw, carrying a CVSS…
The U.S. Department of Justice (DOJ) has announced the seizure of nearly 400 domains used to illegally stream FIFA World Cup 2026 matches, marking a significant crackdown on global digital piracy netw…
Researchers at Mozilla’s Zero Day Investigative Network (0DIN) have demonstrated a proof-of-concept attack that shows how a completely clean-looking GitHub repository can trick AI-powered coding agent…