CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Vulnerabilities & CVEs
Intel Feed

cyberintel.kalymoon.com  ·  11870 articles  ·  updated every 4 hours · grows forever

11870Total
4300Full Text
Jul 13, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10688 | ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b server.py execute_blender_code code injection (Issue 201)

A vulnerability identified as critical has been detected in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b . The impacted element is the function execute_blender_code of the file …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10690 | wonderwhy-er DesktopCommanderMCP 0.2.37 read_file src/tools/filesystem.ts readFileFromUrl url server-side request forgery (Issue 410)

A vulnerability labeled as critical has been found in wonderwhy-er DesktopCommanderMCP 0.2.37 . This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10691 | wonderwhy-er DesktopCommanderMCP up to 0.2.38 start_search src/search-manager.ts SearchResult[] redos (Issue 375)

A vulnerability marked as problematic has been reported in wonderwhy-er DesktopCommanderMCP up to 0.2.38 . This impacts an unknown function of the file src/search-manager.ts of the component start_sea…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10692 | johnhuang316 code-index-mcp up to 2.14.0 search_code_advanced is_safe_regex_pattern regex redos (Issue 84)

A vulnerability described as problematic has been identified in johnhuang316 code-index-mcp up to 2.14.0 . Affected is the function is_safe_regex_pattern of the component search_code_advanced . Execut…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10693 | SourceCodester Online Boat Reservation System 1.0 Administrative Endpoint improper authorization

A vulnerability classified as critical has been found in SourceCodester Online Boat Reservation System 1.0 . Affected by this vulnerability is an unknown functionality of the component Administrative …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10694 | SourceCodester Online Food Ordering System 2.0 /index.php include page file inclusion

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System 2.0 . Affected by this issue is the function include of the file /index.php . The manipulation of the arg…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges - gbhackers.com

Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges gbhackers.com

gbhackers.com Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-4080 | zeshanb Easy Cart Plugin up to 1.8 on WordPress Shortcode ectp_add_to_cart cross site scripting

A vulnerability, which was classified as problematic , was found in zeshanb Easy Cart Plugin up to 1.8 on WordPress. Affected is the function ectp_add_to_cart of the component Shortcode Handler . Exec…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9234 | ntbyk JTL-Connector for WooCommerce Plugin up to 2.4.1 on WordPress Setting JtlConnectorAdmin::save authorization

A vulnerability has been found in ntbyk JTL-Connector for WooCommerce Plugin up to 2.4.1 on WordPress and classified as critical . Affected by this vulnerability is the function JtlConnectorAdmin::sav…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9723 | ddd2500 Google Plus One Bottom Plugin up to 0.0.2 on WordPress Setting googlePlusOneAdmin cross-site request forgery

A vulnerability was found in ddd2500 Google Plus One Bottom Plugin up to 0.0.2 on WordPress and classified as problematic . Affected by this issue is the function googlePlusOneAdmin of the component S…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-4081 | jhdscript ZeM STL Plugin up to 1.0 on WordPress Shortcode esc_attr url/color/bgcolor cross site scripting

A vulnerability was found in jhdscript ZeM STL Plugin up to 1.0 on WordPress. It has been classified as problematic . This affects the function esc_attr of the component Shortcode Handler . This manip…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-8422 | mr_mat Remove Meta Boxes per User Role Plugin up to 1.01 on WordPress cross-site request forgery

A vulnerability was found in mr_mat Remove Meta Boxes per User Role Plugin up to 1.01 on WordPress. It has been declared as problematic . This vulnerability affects unknown code. Such manipulation lea…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-8885 | marcqueralt DeMomentSomTres Shortcodes Plugin up to 1.1.1 on WordPress Shortcode st_callout width/align cross site scripting

A vulnerability was found in marcqueralt DeMomentSomTres Shortcodes Plugin up to 1.1.1 on WordPress. It has been rated as problematic . This issue affects the function st_callout of the component Shor…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9599 | russellr Tectite Forms Plugin up to 1.3 on WordPress Setting admin_init cross-site request forgery

A vulnerability categorized as problematic has been discovered in russellr Tectite Forms Plugin up to 1.3 on WordPress. Impacted is the function admin_init of the component Setting Handler . Executing…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9722 | pcis Laiser Tag Plugin up to 1.2.5 on WordPress Setting addOptionsPageFields cross-site request forgery

A vulnerability identified as problematic has been detected in pcis Laiser Tag Plugin up to 1.2.5 on WordPress. The affected element is the function addOptionsPageFields of the component Setting Handl…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-9730 | jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress Setting gmz_comment_settings_save cross-site request forgery

A vulnerability labeled as problematic has been found in jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress. The impacted element is the function gmz_comment_settings_save of the co…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-41115 | Apache Kafka up to 4.3.0 improper authorization

A vulnerability marked as critical has been reported in Apache Kafka up to 4.3.0 . This affects an unknown function. This manipulation causes improper authorization. This vulnerability appears as CVE-…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-34906 | Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 Endpoint redirectToUrl redirectUrlParameter special elements used in a template engine

A vulnerability described as critical has been identified in Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 . This impacts the function redirectToUrl of the component Endpoint . …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-10549 | Yandex Database prior 25.3.1.25 Group Membership insufficient permissions or privileges

A vulnerability classified as critical has been found in Yandex Database . Affected is an unknown function of the component Group Membership Handler . Performing a manipulation results in improper han…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-5422 | Jupyter jupyter_server up to 2.17.0 fileio.py _get_os_path path traversal

A vulnerability classified as problematic was found in Jupyter jupyter_server up to 2.17.0 . Affected by this vulnerability is the function _get_os_path of the file jupyter_server/services/contents/fi…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-52766 | Printeers Print & Ship Plugin up to 1.17.0 on WordPress authorization

A vulnerability, which was classified as critical , has been found in Printeers Print & Ship Plugin up to 1.17.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation le…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-5191 | raja3c Tiled Gallery Carousel without JetPack Plugin up to 3.1 on WordPress data-image-title cross site scripting

A vulnerability, which was classified as problematic , was found in raja3c Tiled Gallery Carousel without JetPack Plugin up to 3.1 on WordPress. This affects an unknown part. The manipulation of the a…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2025-52759 | UnboundStudio Accordion FAQ Plugin up to 2.2.1 on WordPress cross site scripting

A vulnerability has been found in UnboundStudio Accordion FAQ Plugin up to 2.2.1 on WordPress and classified as problematic . This vulnerability affects unknown code. This manipulation causes cross si…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 02, 2026
CVE-2026-34907 | Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 locale cross site scripting

A vulnerability was found in Simple SA Wirtualna Uczelnia up to wu#2016.437.295#0#20260327_105545 and classified as problematic . This issue affects some unknown processing. Such manipulation of the a…

VulDB Read →
← Prev 184 / 495 Next →