A vulnerability, which was classified as problematic , was found in DFIR-IRIS up to 2.4.27 . Impacted is an unknown function. Such manipulation leads to dynamically-determined object attributes. This …
cyberintel.kalymoon.com · 35011 articles · updated every 4 hours · grows forever
A vulnerability, which was classified as problematic , was found in DFIR-IRIS up to 2.4.27 . Impacted is an unknown function. Such manipulation leads to dynamically-determined object attributes. This …
A vulnerability has been found in vim up to 9.2.479 and classified as critical . The affected element is the function NetrwMarkFile . Performing a manipulation results in code injection. This vulnerab…
A vulnerability was found in Evince and classified as critical . The impacted element is the function ev_spawn of the file ev-application.c . Executing a manipulation can lead to command injection. Th…
A vulnerability was found in Atril . It has been classified as critical . This affects the function ev_spawn of the file ev-application.c . The manipulation leads to command injection. This vulnerabil…
A vulnerability was found in Xreader . It has been declared as critical . This impacts the function ev_spawn of the file ev-application.c . The manipulation results in command injection. This vulnerab…
A vulnerability was found in DFIR-IRIS up to 2.4.27 . It has been rated as problematic . Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is registere…
A vulnerability categorized as problematic has been discovered in DFIR-IRIS up to 2.4.27 . Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross-site request for…
A vulnerability identified as critical has been detected in wpxpo FastX Plugin up to 1.0.2 on WordPress. Affected by this issue is the function ultp_install_callback of the component Plugin Installati…
A vulnerability labeled as critical has been found in themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress. This affects the function easyel_handle_register of the component Login/Reg…
A vulnerability marked as problematic has been reported in pftool Alfie Plugin up to 1.2.1 on WordPress. This vulnerability affects the function alfie_manage of the component GET Parameter Handler . T…
A vulnerability described as problematic has been identified in ZTE MU5250 BD_FLYMODEMV1.0.0B27 . This issue affects some unknown processing of the component Configuration Handler . The manipulation r…
A vulnerability classified as problematic has been found in burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress. Impacted is the function render_shortcode_preview of the component Endpoint . …
A vulnerability classified as problematic was found in manchumahara CBX 5 Star Rating & Review Plugin up to 1.0.7 on WordPress. The affected element is an unknown function. Such manipulation of the ar…
A vulnerability, which was classified as critical , has been found in shapedplugin Location Weather Plugin up to 3.0.2 on WordPress. The impacted element is the function splw_update_block_options . Pe…
A vulnerability, which was classified as problematic , was found in helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress. This affects the function before of the component Shortcode Handler . E…
A vulnerability has been found in dartiss Draft List Plugin 2.6.3 on WordPress and classified as problematic . This impacts an unknown function. The manipulation leads to cross site scripting. This vu…
I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js†(and reformated). The SHA256 is 049300…
The npm registry made an urgent platform-wide move last week after supply chain attacks threatened thousands of developers. On May 19, npm invalidated every granular access token with write access tha…
Hackers can weaponize a legitimately signed Lenovo driver to terminate security processes, highlighting a dangerous Bring Your Own Vulnerable Driver (BYOVD) attack vector that can bypass endpoint prot…
Google is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec…
Here’s a look at the most interesting products from the past week, featuring releases from ASAPP, Babel Street, CTERA, Forward, Riverbed, and Trust3 AI. Babel Street targets AI-driven threats with new…
Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats …
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack a…
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.