Critical WordPress Plugin Flaw Allows Hackers to Create Admin Accounts Without Login (CVE-2025-14533) CyberSecurity News CyberDefenderJanuary 21, 2026January 21, 20268 mins0 CVE-2025-14533 is a critical unauthenticated privilege-escalation vulnerability affecting the Advanced Custom Fields: Extended (ACF Extended) WordPress plugin.…continue reading..
CVE-2026-23844: Unauthorized Account Balance Manipulation via IDOR in Whisper Money Vulnerabilities AegironJanuary 20, 2026January 20, 20269 mins0 CVE-2026-23844 — Whisper Money Vulnerability Type: Insecure Direct Object Reference (IDOR)Affected Product: Whisper MoneyAffected Component: Account balance…continue reading..
CVE-2026-22797: Critical OpenStack keystonemiddleware Flaw Enables Identity Spoofing & Full Admin Privilege Escalation Vulnerabilities AegironJanuary 20, 2026January 20, 20269 mins0 CVE-2026-22797 – OpenStack keystonemiddleware Vulnerability type: Privilege Escalation / Identity SpoofingComponent: keystonemiddleware (external_oauth2_token filter)Severity: CriticalCVSS v3.1 score:…continue reading..
CVE-2026-23723: Authenticated SQL Injection in WeGIA Leading to Full Database Compromise Vulnerabilities AegironJanuary 20, 2026January 20, 20269 mins0 CVE-2026-23723 Product: WeGIAVulnerability Type: SQL Injection (Authenticated)Impact: Full database exfiltrationCVSS v3.1 Score: 7.2Severity: HighAttack Vector: NetworkPrivileges Required:…continue reading..
CVE-2026-23875: Unauthorized Users Can Poison CrawlChat’s Knowledge Base via Authorization Bypass Vulnerabilities AegironJanuary 20, 2026January 20, 20268 mins0 Vulnerability Overview CVE: CVE-2026-23875Name: CrawlChat Authorization Bypass / Knowledge-Base PoisoningSeverity: MediumCVSS Score: ~5.7 (Moderate risk level)Exploitability: No…continue reading..
CVE-2026-23880: One Stored XSS Away from Full Admin Takeover in OnboardLite Vulnerabilities AegironJanuary 20, 2026January 20, 202610 mins0 Key Facts (At a Glance) What This Vulnerability Is This vulnerability exists in the way OnboardLite displays…continue reading..
CVE-2026-1193: Silent Admin Access Flaw Exposes MineAdmin to Remote Unauthorized Control Vulnerabilities AegironJanuary 20, 2026January 20, 202611 mins0 CVE: CVE-2026-1193Affected software: MineAdmin versions 1.x and 2.xType of issue: Improper authorization / authorization bypass at the…continue reading..
CVE-2025-29943: StackWarp — Critical AMD CPU Flaw That Breaks VM Isolation and Exposes Encrypted Secrets Vulnerabilities AegironJanuary 20, 2026January 20, 202610 mins0 Vulnerability Overview Vulnerability Name: StackWarpCVE ID: CVE-2025-29943Affected Vendors: AMDAffected Architectures: Zen 1, Zen 2, Zen 3, Zen…continue reading..
CVE-2026-22218 & CVE-2026-22219: Chainlit Critical Flaws Enable Silent File Theft and Server-Side Request Forgery Vulnerabilities AegironJanuary 20, 2026January 20, 20269 mins0 Chainlit Critical Vulnerabilities Disclosure Disclosure date: January 20, 2026Product: Chainlit – Open-source Python framework for building AI/chatbot…continue reading..
Critical Cloudflare WAF Bypass Exposed Origin Servers via Certificate Validation Logic CyberSecurity News AegironJanuary 20, 2026January 20, 20269 mins0 Vulnerability Summary What This Vulnerability Is Cloudflare automatically manages SSL/TLS certificates using the ACME protocol.To do this,…continue reading..
