CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Vulnerabilities & CVEs
Intel Feed

cyberintel.kalymoon.com  ·  10315 articles  ·  updated every 4 hours · grows forever

10315Total
4237Full Text
Jul 01, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
⬡ Vulnerabilities & CVEs
CVE-2026-25936 | GLPI up to 11.0.5 sql injection (GHSA-qw3x-7vv2-7759)

A vulnerability was found in GLPI up to 11.0.5 . It has been declared as critical . The affected element is an unknown function. Such manipulation leads to sql injection. This vulnerability is traded …

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-4358 | MongoDB Server up to 7.0.30/8.0.19/8.2.5 Aggregation lookup double free

A vulnerability was found in MongoDB Server up to 7.0.30/8.0.19/8.2.5 . It has been classified as problematic . Impacted is an unknown function of the component Aggregation Handler . This manipulation…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-3563 | Devolutions PowerShell Universal up to 2026.1.3 Endpoint improper validation of unsafe equivalence in input (DEVO-2026-0008)

A vulnerability was found in Devolutions PowerShell Universal up to 2026.1.3 and classified as problematic . This issue affects some unknown processing of the component Endpoint . The manipulation res…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32837 | mackron miniaudio up to 0.11.25 WAV File Parser null termination (Issue 1101)

A vulnerability has been found in mackron miniaudio up to 0.11.25 and classified as problematic . This vulnerability affects unknown code of the component WAV File Parser . The manipulation leads to i…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32836 | mackron dr_libs up to 0.13.3 PICTURE drflac__read_and_decode_metadata mimeLength/descriptionLength memory allocation (Issue 298)

A vulnerability, which was classified as problematic , was found in mackron dr_libs up to 0.13.3 . This affects the function drflac__read_and_decode_metadata of the component PICTURE Handler . Executi…

VulDB Read →
⬡ Vulnerabilities & CVEs
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats - The Hacker News

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats The Hacker News

The Hacker News Read →
⬡ Vulnerabilities & CVEs
MSHTML Framework 0-Day Exploited by APT28 Hackers Before Feb 2026’s Patch Tuesday Update - CyberSecurityNews

MSHTML Framework 0-Day Exploited by APT28 Hackers Before Feb 2026’s Patch Tuesday Update CyberSecurityNews

CyberSecurityNews Read →
⬡ Vulnerabilities & CVEs
CVE-2025-15363 | Get Use APIs Plugin up to 2.0.9 on WordPress cross site scripting (EUVD-2025-208813)

A vulnerability classified as problematic was found in Get Use APIs Plugin up to 2.0.9 on WordPress. This issue affects some unknown processing. The manipulation results in cross site scripting. This …

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32608 | nicolargo glances up to 4.5.1 secure_popen os command injection

A vulnerability classified as critical has been found in nicolargo glances up to 4.5.1 . This vulnerability affects the function secure_popen . The manipulation leads to os command injection. This vul…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32268 | CraftCMS azure-blob up to 2.1.0 actionLoadContainerData authorization (GHSA-q6fm-p73f-x862)

A vulnerability described as problematic has been identified in CraftCMS azure-blob up to 2.1.0 . This affects the function actionLoadContainerData . Executing a manipulation can lead to missing autho…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32265 | CraftCMS aws-s3 up to 2.2.4 actionLoadBucketData information disclosure (GHSA-hwj7-4vgc-j3v9)

A vulnerability marked as problematic has been reported in CraftCMS aws-s3 up to 2.2.4 . Affected by this issue is the function actionLoadBucketData . Performing a manipulation results in information …

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-22168 | OpenClaw up to 2026.2.20 argument injection (GHSA-5v6x-rfc3-7qfr)

A vulnerability labeled as critical has been found in OpenClaw up to 2026.2.20 . Affected by this vulnerability is an unknown functionality. Such manipulation leads to argument injection. This vulnera…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32266 | CraftCMS Google Cloud Storage for Craft CMS plugin up to 2.2.0 actionLoadBucketData information disclosure (GHSA-67cr-jmh8-4jpq)

A vulnerability identified as problematic has been detected in CraftCMS Google Cloud Storage for Craft CMS plugin up to 2.2.0 . Affected is the function actionLoadBucketData . This manipulation causes…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-27522 | OpenClaw up to 2026.2.23 Message sendAttachment/setGroupIcon path traversal (GHSA-fqcm-97m6-w7rm)

A vulnerability categorized as critical has been discovered in OpenClaw up to 2026.2.23 . This impacts the function sendAttachment/setGroupIcon of the component Message Handler . The manipulation resu…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-22174 | OpenClaw up to 2026.2.21 Authentication Token /json/version missing authentication (GHSA-v3j7-34xh-6g3w)

A vulnerability was found in OpenClaw up to 2026.2.21 . It has been rated as critical . This affects an unknown function of the file /json/version of the component Authentication Token Handler . The m…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-22170 | OpenClaw up to 2026.2.21 BlueBubbles Plugin authorization (GHSA-jwf4-8wf4-jf2m)

A vulnerability was found in OpenClaw up to 2026.2.21 . It has been declared as problematic . The impacted element is an unknown function of the component BlueBubbles Plugin . Executing a manipulation…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-29056 | Kanboard up to 1.2.50 Registration register dynamically-determined object attributes (GHSA-2jvj-q44v-6p3x)

A vulnerability was found in Kanboard up to 1.2.50 . It has been classified as critical . The affected element is the function UserInviteController::register of the component Registration Handler . Pe…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-27545 | OpenClaw up to 2026.2.25 Working Directory toctou (GHSA-f7ww-2725-qvw2)

A vulnerability was found in OpenClaw up to 2026.2.25 and classified as problematic . Impacted is an unknown function of the component Working Directory Handler . Such manipulation leads to time-of-ch…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-27524 | OpenClaw up to 2026.2.20 /debug prototype pollution (GHSA-62f6-mrcj-v8h5)

A vulnerability has been found in OpenClaw up to 2026.2.20 and classified as problematic . This issue affects some unknown processing of the file /debug . This manipulation causes improperly controlle…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-22181 | OpenClaw up to 2026.3.1 Environment Variable server-side request forgery (GHSA-8mvx-p2r9-r375)

A vulnerability, which was classified as critical , was found in OpenClaw up to 2026.3.1 . This vulnerability affects unknown code of the component Environment Variable Handler . The manipulation resu…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32256 | Borewit music-metadata up to 11.12.2 ASF Parser lib/asf/AsfParser.ts parseExtensionObject infinite loop (GHSA-v6c2-xwv6-8xf7)

A vulnerability, which was classified as problematic , has been found in Borewit music-metadata up to 11.12.2 . This affects the function parseExtensionObject in the library lib/asf/AsfParser.ts of th…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-1780 | silentwind CRPaid Link Manager Plugin up to 0.5 on WordPress cross site scripting (EUVD-2026-12763)

A vulnerability classified as problematic was found in silentwind CRPaid Link Manager Plugin up to 0.5 on WordPress. Affected by this issue is some unknown functionality. Executing a manipulation can …

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-33058 | Kanboard up to 1.2.50 sql injection (GHSA-f62r-m4mr-2xhh)

A vulnerability classified as critical has been found in Kanboard up to 1.2.50 . Affected by this vulnerability is an unknown functionality. Performing a manipulation results in sql injection. This vu…

VulDB Read →
⬡ Vulnerabilities & CVEs
CVE-2026-32254 | cloudnativelabs kube-router up to 2.7.x DenyServiceExternalIPs Feature access control (GHSA-phqm-jgc3-qf8g)

A vulnerability described as critical has been identified in cloudnativelabs kube-router up to 2.7.x . Affected is an unknown function of the component DenyServiceExternalIPs Feature . Such manipulati…

VulDB Read →
← Prev 426 / 430 Next →