CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Vulnerabilities & CVEs
Intel Feed

cyberintel.kalymoon.com  ·  12098 articles  ·  updated every 4 hours · grows forever

12098Total
4302Full Text
Jul 15, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
⬡ Vulnerabilities & CVEs Jun 01, 2026
CVE-2026-49267 | Apache Airflow up to 3.2.1 SMTP STARTTLS Connection certificate validation

A vulnerability was found in Apache Airflow up to 3.2.1 . It has been declared as problematic . This impacts an unknown function of the component SMTP STARTTLS Connection Handler . Executing a manipul…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 01, 2026
CVE-2026-49270 | Apache ActiveMQ BrokerInfo privilege escalation

A vulnerability was found in Apache ActiveMQ . It has been rated as problematic . Affected is an unknown function of the component BrokerInfo Handler . The manipulation leads to privilege escalation. …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 01, 2026
CVE-2026-49298 | Apache Airflow up to 3.2.1 KubernetesExecutor Command-Line Argument information disclosure

A vulnerability categorized as problematic has been discovered in Apache Airflow up to 3.2.1 . Affected by this vulnerability is an unknown functionality of the component KubernetesExecutor Command-Li…

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 01, 2026
CVE-2026-49361 | Apache Fluss 0.8.0/0.9.0 Netty Frame Decoder memory allocation

A vulnerability identified as problematic has been detected in Apache Fluss 0.8.0/0.9.0 . Affected by this issue is some unknown functionality of the component Netty Frame Decoder . This manipulation …

VulDB Read →
⬡ Vulnerabilities & CVEs Jun 01, 2026
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks - gbhackers.com

Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks gbhackers.com

gbhackers.com Read →
⬡ Vulnerabilities & CVEs Jun 01, 2026
Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys - CyberSecurityNews

Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys CyberSecurityNews

CyberSecurityNews Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10275 | OpenSC up to 0.26.1 pkcs11-tool Key Generation src/tools/pkcs11-tool.c test_kpgen_certwrite buffer overflow (Issue 3682)

A vulnerability marked as critical has been reported in OpenSC up to 0.26.1 . This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Genera…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10276 | hekmon8 Jenkins-server-mcp 0.1.0 get_build_status/get_build_log/trigger_build src/index.ts jobPath server-side request forgery

A vulnerability described as critical has been identified in hekmon8 Jenkins-server-mcp 0.1.0 . This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_stat…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10277 | j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c MCP Gmail Tool src/tools/gmail.ts saveToDisk access control

A vulnerability classified as critical has been found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c . This issue affects the function saveToDisk of the file src/tools/gma…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10278 | ishayoyo excel-mcp up to 1.0.2 read_file/write_file src/index.ts filePath/outputPath path traversal

A vulnerability classified as critical was found in ishayoyo excel-mcp up to 1.0.2 . Impacted is an unknown function of the file src/index.ts of the component read_file/write_file . Executing a manipu…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10279 | hiraishikentaro wezterm-mcp 0.1.0 switch_pane/write_to_specific_pane src/wezterm_executor.ts request.params.arguments.pane_id os command injection

A vulnerability, which was classified as critical , has been found in hiraishikentaro wezterm-mcp 0.1.0 . The affected element is an unknown function of the file src/wezterm_executor.ts of the compone…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10280 | horizon921 mcpilot 0.1.0 MCP API Call Endpoint route.ts serverBaseUrl server-side request forgery

A vulnerability, which was classified as critical , was found in horizon921 mcpilot 0.1.0 . The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the componen…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10281 | Enderfga claw-orchestrator up to 3.5.5 API Endpoint src/embedded-server.ts EmbeddedServer missing authentication (Issue 61)

A vulnerability has been found in Enderfga claw-orchestrator up to 3.5.5 and classified as critical . This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API E…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10282 | Bottelet DaybydayCRM up to 2.2.1 DocumentsController.php view improper authorization (Issue 347)

A vulnerability was found in Bottelet DaybydayCRM up to 2.2.1 and classified as problematic . This impacts the function view of the file app/Http/Controllers/DocumentsController.php . Such manipulatio…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10283 | Bottelet DaybydayCRM up to 2.2.1 Setting missing authentication

A vulnerability was found in Bottelet DaybydayCRM up to 2.2.1 . It has been classified as critical . Affected is an unknown function of the component Setting Handler . Performing a manipulation result…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10284 | DevaslanPHP project-management up to 2.0.0-beta1 Livewire ViewTicket.php editComment/doDeleteComment improper authorization (Issue 140)

A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1 . It has been declared as critical . Affected by this vulnerability is the function editComment/doDeleteComment of the fil…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10285 | DevaslanPHP project-management up to 2.0.0-beta1 Ticket KanbanScrumHelper.php recordUpdated improper authorization (Issue 141)

A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1 . It has been rated as critical . Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10286 | CodeAstro Payroll System 1.0 /home_employee.php emp_id sql injection

A vulnerability categorized as critical has been discovered in CodeAstro Payroll System 1.0 . This affects an unknown part of the file /home_employee.php . The manipulation of the argument emp_id resu…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10287 | SourceCodester SEO Meta Tag Extractor 1.0 /index.php get_headers url server-side request forgery

A vulnerability identified as critical has been detected in SourceCodester SEO Meta Tag Extractor 1.0 . This vulnerability affects the function get_headers of the file /index.php . This manipulation o…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10288 | code-projects Hotel and Tourism Reservation System 1.0 Admin Login /admin/login.php password_verify Password improper authentication

A vulnerability labeled as critical has been found in code-projects Hotel and Tourism Reservation System 1.0 . This issue affects the function password_verify of the file /admin/login.php of the compo…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10289 | code-projects Hotel and Tourism Reservation System 1.0 /ht/tour.php name /email /people /number cross site scripting

A vulnerability marked as problematic has been reported in code-projects Hotel and Tourism Reservation System 1.0 . Impacted is an unknown function of the file /ht/tour.php . Performing a manipulation…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10290 | code-projects Hotel and Tourism Reservation System 1.0 GET Parameter tour.php tour sql injection

A vulnerability described as critical has been identified in code-projects Hotel and Tourism Reservation System 1.0 . The affected element is an unknown function of the file tour.php of the component …

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10291 | Enderfga claw-orchestrator up to 3.7.0 Session Grep Endpoint embedded-server.ts validateRegex body.pattern redos (Issue 64)

A vulnerability classified as problematic has been found in Enderfga claw-orchestrator up to 3.7.0 . The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-serve…

VulDB Read →
⬡ Vulnerabilities & CVEs May 31, 2026
CVE-2026-10292 | UTT HiPER 1200GW up to 2.5.3-170306 /goform/formTaskEdit strcpy stack-based overflow

A vulnerability classified as critical was found in UTT HiPER 1200GW up to 2.5.3-170306 . This affects the function strcpy of the file /goform/formTaskEdit . The manipulation results in stack-based bu…

VulDB Read →
← Prev 202 / 505 Next →