CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Cyber
Intel Feed

cyberintel.kalymoon.com  ·  34945 articles  ·  updated every 4 hours · grows forever

34945Total
26397Full Text
Jul 10, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-8434 | Concrete CMS up to 9.4.x file rescanMultiple cross-site request forgery

A vulnerability labeled as problematic has been found in Concrete CMS up to 9.4.x . Affected is the function rescanMultiple of the file concrete/controllers/backend/file . Such manipulation leads to c…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-8435 | Concrete CMS up to 9.4.x file approveVersion cross-site request forgery

A vulnerability marked as problematic has been reported in Concrete CMS CMS up to 9.4.x . Affected by this vulnerability is the function approveVersion of the file concrete/controllers/backend/file . …

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46517 | InternLM LMDeploy dynamically-determined object attributes

A vulnerability described as problematic has been identified in InternLM LMDeploy . Affected by this issue is some unknown functionality. Executing a manipulation can lead to dynamically-determined ob…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-47243 | Kata Containers kata-containers up to 3.30.x virtiofsd symlink

A vulnerability classified as critical has been found in Kata Containers kata-containers up to 3.30.x . This affects an unknown part of the component virtiofsd . The manipulation leads to symlink foll…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42539 | DFIR-IRIS up to 2.4.27 IRIS_Excessive_Data_Exposure information disclosure

A vulnerability classified as problematic was found in DFIR-IRIS up to 2.4.27 . This vulnerability affects the function IRIS_Excessive_Data_Exposure . The manipulation results in information disclosur…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42329 | DFIR-IRIS up to 2.4.27 redirect

A vulnerability, which was classified as problematic , has been found in DFIR-IRIS up to 2.4.27 . This issue affects some unknown processing. This manipulation causes open redirect. The identification…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42540 | DFIR-IRIS up to 2.4.27 dynamically-determined object attributes

A vulnerability, which was classified as problematic , was found in DFIR-IRIS up to 2.4.27 . Impacted is an unknown function. Such manipulation leads to dynamically-determined object attributes. This …

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-43961 | vim up to 9.2.479 NetrwMarkFile code injection

A vulnerability has been found in vim up to 9.2.479 and classified as critical . The affected element is the function NetrwMarkFile . Performing a manipulation results in code injection. This vulnerab…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46529 | Evince ev-application.c ev_spawn command injection

A vulnerability was found in Evince and classified as critical . The impacted element is the function ev_spawn of the file ev-application.c . Executing a manipulation can lead to command injection. Th…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46529 | Atril ev-application.c ev_spawn command injection

A vulnerability was found in Atril . It has been classified as critical . This affects the function ev_spawn of the file ev-application.c . The manipulation leads to command injection. This vulnerabil…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46529 | Xreader ev-application.c ev_spawn command injection

A vulnerability was found in Xreader . It has been declared as critical . This impacts the function ev_spawn of the file ev-application.c . The manipulation results in command injection. This vulnerab…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42538 | DFIR-IRIS up to 2.4.27 cross site scripting

A vulnerability was found in DFIR-IRIS up to 2.4.27 . It has been rated as problematic . Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is registere…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42543 | DFIR-IRIS up to 2.4.27 cross-site request forgery

A vulnerability categorized as problematic has been discovered in DFIR-IRIS up to 2.4.27 . Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross-site request for…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-2518 | wpxpo FastX Plugin up to 1.0.2 on WordPress Plugin Installation ultp_install_callback authorization

A vulnerability identified as critical has been detected in wpxpo FastX Plugin up to 1.0.2 on WordPress. Affected by this issue is the function ultp_install_callback of the component Plugin Installati…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-9018 | themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress Login/Register easyel_handle_register privileges management

A vulnerability labeled as critical has been found in themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress. This affects the function easyel_handle_register of the component Login/Reg…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-4070 | pftool Alfie Plugin up to 1.2.1 on WordPress GET Parameter alfie_manage delete cross-site request forgery

A vulnerability marked as problematic has been reported in pftool Alfie Plugin up to 1.2.1 on WordPress. This vulnerability affects the function alfie_manage of the component GET Parameter Handler . T…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-44409 | ZTE MU5250 BD_FLYMODEMV1.0.0B27 Configuration information disclosure

A vulnerability described as problematic has been identified in ZTE MU5250 BD_FLYMODEMV1.0.0B27 . This issue affects some unknown processing of the component Configuration Handler . The manipulation r…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-3481 | burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress Endpoint render_shortcode_preview shortcode cross site scripting

A vulnerability classified as problematic has been found in burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress. Impacted is the function render_shortcode_preview of the component Endpoint . …

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-6864 | manchumahara CBX 5 Star Rating & Review Plugin up to 1.0.7 on WordPress page cross site scripting

A vulnerability classified as problematic was found in manchumahara CBX 5 Star Rating & Review Plugin up to 1.0.7 on WordPress. The affected element is an unknown function. Such manipulation of the ar…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-7249 | shapedplugin Location Weather Plugin up to 3.0.2 on WordPress splw_update_block_options authorization

A vulnerability, which was classified as critical , has been found in shapedplugin Location Weather Plugin up to 3.0.2 on WordPress. The impacted element is the function splw_update_block_options . Pe…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-7509 | helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress Shortcode before cross site scripting

A vulnerability, which was classified as problematic , was found in helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress. This affects the function before of the component Shortcode Handler . E…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-9104 | dartiss Draft List Plugin 2.6.3 on WordPress cross site scripting

A vulnerability has been found in dartiss Draft List Plugin 2.6.3 on WordPress and classified as problematic . This impacts an unknown function. The manipulation leads to cross site scripting. This vu…

VulDB Read →
◉ Threat Intelligence May 22, 2026
Cross-Platform NPM Stealer, (Fri, May 22nd)

I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is 049300…

SANS ISC Read →
◇ Industry News & Leadership May 22, 2026
Mini Shai-Hulud Attack Forces npm to Reset Bypass-2FA Publishing Tokens

The npm registry made an urgent platform-wide move last week after supply chain attacks threatened thousands of developers. On May 19, npm invalidated every granular access token with write access tha…

Cybersecurity News Read →
← Prev 537 / 1457 Next →