CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Vulnerabilities & CVEs
Intel Feed

cyberintel.kalymoon.com  ·  11840 articles  ·  updated every 4 hours · grows forever

11840Total
4300Full Text
Jul 13, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
⬡ Vulnerabilities & CVEs Jun 02, 2026
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges - gbhackers.com

Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges gbhackers.com

gbhackers.com Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-4080 | zeshanb Easy Cart Plugin up to 1.8 on WordPress Shortcode ectp_add_to_cart cross site scripting

A vulnerability, which was classified as problematic , was found in zeshanb Easy Cart Plugin up to 1.8 on WordPress. Affected is the function ectp_add_to_cart of the component Shortcode Handler . Exec…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9234 | ntbyk JTL-Connector for WooCommerce Plugin up to 2.4.1 on WordPress Setting JtlConnectorAdmin::save authorization

A vulnerability has been found in ntbyk JTL-Connector for WooCommerce Plugin up to 2.4.1 on WordPress and classified as critical . Affected by this vulnerability is the function JtlConnectorAdmin::sav…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9723 | ddd2500 Google Plus One Bottom Plugin up to 0.0.2 on WordPress Setting googlePlusOneAdmin cross-site request forgery

A vulnerability was found in ddd2500 Google Plus One Bottom Plugin up to 0.0.2 on WordPress and classified as problematic . Affected by this issue is the function googlePlusOneAdmin of the component S…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-4081 | jhdscript ZeM STL Plugin up to 1.0 on WordPress Shortcode esc_attr url/color/bgcolor cross site scripting

A vulnerability was found in jhdscript ZeM STL Plugin up to 1.0 on WordPress. It has been classified as problematic . This affects the function esc_attr of the component Shortcode Handler . This manip…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-8422 | mr_mat Remove Meta Boxes per User Role Plugin up to 1.01 on WordPress cross-site request forgery

A vulnerability was found in mr_mat Remove Meta Boxes per User Role Plugin up to 1.01 on WordPress. It has been declared as problematic . This vulnerability affects unknown code. Such manipulation lea…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-8885 | marcqueralt DeMomentSomTres Shortcodes Plugin up to 1.1.1 on WordPress Shortcode st_callout width/align cross site scripting

A vulnerability was found in marcqueralt DeMomentSomTres Shortcodes Plugin up to 1.1.1 on WordPress. It has been rated as problematic . This issue affects the function st_callout of the component Shor…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9599 | russellr Tectite Forms Plugin up to 1.3 on WordPress Setting admin_init cross-site request forgery

A vulnerability categorized as problematic has been discovered in russellr Tectite Forms Plugin up to 1.3 on WordPress. Impacted is the function admin_init of the component Setting Handler . Executing…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9722 | pcis Laiser Tag Plugin up to 1.2.5 on WordPress Setting addOptionsPageFields cross-site request forgery

A vulnerability identified as problematic has been detected in pcis Laiser Tag Plugin up to 1.2.5 on WordPress. The affected element is the function addOptionsPageFields of the component Setting Handl…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9730 | jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress Setting gmz_comment_settings_save cross-site request forgery

A vulnerability labeled as problematic has been found in jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress. The impacted element is the function gmz_comment_settings_save of the co…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-41115 | Apache Kafka up to 4.3.0 improper authorization

A vulnerability marked as critical has been reported in Apache Kafka up to 4.3.0 . This affects an unknown function. This manipulation causes improper authorization. This vulnerability appears as CVE-…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-34906 | Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 Endpoint redirectToUrl redirectUrlParameter special elements used in a template engine

A vulnerability described as critical has been identified in Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 . This impacts the function redirectToUrl of the component Endpoint . …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10549 | Yandex Database prior 25.3.1.25 Group Membership insufficient permissions or privileges

A vulnerability classified as critical has been found in Yandex Database . Affected is an unknown function of the component Group Membership Handler . Performing a manipulation results in improper han…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-5422 | Jupyter jupyter_server up to 2.17.0 fileio.py _get_os_path path traversal

A vulnerability classified as problematic was found in Jupyter jupyter_server up to 2.17.0 . Affected by this vulnerability is the function _get_os_path of the file jupyter_server/services/contents/fi…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-52766 | Printeers Print & Ship Plugin up to 1.17.0 on WordPress authorization

A vulnerability, which was classified as critical , has been found in Printeers Print & Ship Plugin up to 1.17.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation le…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-5191 | raja3c Tiled Gallery Carousel without JetPack Plugin up to 3.1 on WordPress data-image-title cross site scripting

A vulnerability, which was classified as problematic , was found in raja3c Tiled Gallery Carousel without JetPack Plugin up to 3.1 on WordPress. This affects an unknown part. The manipulation of the a…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-52759 | UnboundStudio Accordion FAQ Plugin up to 2.2.1 on WordPress cross site scripting

A vulnerability has been found in UnboundStudio Accordion FAQ Plugin up to 2.2.1 on WordPress and classified as problematic . This vulnerability affects unknown code. This manipulation causes cross si…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-34907 | Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 locale cross site scripting

A vulnerability was found in Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 and classified as problematic . This issue affects some unknown processing. Such manipulation of the a…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-53345 | ThimPress Thim Core Plugin up to 2.3.3 on WordPress authorization

A vulnerability was found in ThimPress Thim Core Plugin up to 2.3.3 on WordPress. It has been classified as critical . Impacted is an unknown function. Performing a manipulation results in missing aut…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10606 | DedeCMS 5.7.88 Feedback /plus/feedback.php TrimMsg msg sql injection

A vulnerability was found in DedeCMS 5.7.88 . It has been declared as critical . The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler . Executi…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10607 | DedeCMS 5.7.88 /plus/flink.php dede_htmlspecialchars msg sql injection

A vulnerability was found in DedeCMS 5.7.88 . It has been rated as critical . The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php . The manipulation of the argument …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10608 | DedeCMS 5.7.88 /plus/carbuyaction.php RemoveXSS postname/des sql injection

A vulnerability categorized as critical has been discovered in DedeCMS 5.7.88 . This affects the function RemoveXSS of the file /plus/carbuyaction.php . The manipulation of the argument postname/des r…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-53440 | Axiomthemes Confidant Plugin up to 1.4 on WordPress filename control

A vulnerability identified as problematic has been detected in Axiomthemes Confidant Plugin up to 1.4 on WordPress. This impacts an unknown function. This manipulation causes improper control of filen…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-58705 | Axiomthemes Crafti Plugin up to 1.12 on WordPress filename control

A vulnerability labeled as problematic has been found in Axiomthemes Crafti Plugin up to 1.12 on WordPress. Affected is an unknown function. Such manipulation leads to improper control of filename for…

VulDB Read →
← Prev 183 / 494 Next →