CVE-2026-45374

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue and autoapprove defaults to true taskmanager.rs:297: autoapprove:...

Pilot Contamination Attacks Detection with Machine Learning for Multi-User Massive MIMO

Massive multiple-input multiple-output MMIMO is essential to modern wireless communication systems, like 5G and 6G, but it is vulnerable to active eavesdropping attacks. One type of such attack is the pilot contamination attack PCA, where a malicious user copies pilot signals from an authentic us...

EUVD-2024-47158

Malicious code in bioql PyPI...

EUVD-2024-46920

Malicious code in bioql PyPI...

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System CMS instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo aka Hezb, which has a long history of leveragin...

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The...

CVE-2024-5768

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5769

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

WordPress MIMO Woocommerce Order Tracking plugin <= 1.0.2 - Missing Authorization to Limited Settings Update vulnerability

Missing Authorization to Limited Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin MIMO Woocommerce Order Tracking versions = 1.0.2...

CVE-2024-5769

CVE-2024-5769 (MIMO Woocommerce Order Tracking, WordPress) The vulnerability stems from a missing capability check in multiple functions across all versions up to 1.0.2, allowing authenticated attackers with Subscriber-level access and above to add, update, or delete shipper tracking settings (da...

CVE-2024-5769 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVE-2024-5769 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

WordPress plugin MIMO Woocommerce Order Tracking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-5768

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5768

CVE-2024-5768 affects MIMO Woocommerce Order Tracking (WordPress). The vulnerability is due to a missing capability check in mimo_update_provider, affecting all versions up to and including 1.0.2. Exploitation requires Subscriber+ authenticated access and can enable unauthorized modification of s...

WordPress plugin MIMO Woocommerce Order Tracking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress MIMO Woocommerce Order Tracking plugin <= 1.0.2 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin MIMO Woocommerce Order Tracking versions = 1.0.2...

WordPress MIMO Woocommerce Order Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MIMO Woocommerce Order Tracking Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5768 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 17c034ea51f0 Credits Luci...

CVE-2024-4999

CVE-2024-4999 affects Ligowave UNITY (up to 6.95-2), PRO (up to 6.95-1.Rt3883), MIMO (up to 6.95-1.Rt2880), and APC Propeller (up to 2-5.95-4.Rt3352). The issue is a vulnerability in the web-based management interface that could allow an authenticated remote attacker to execute arbitrary commands...

CVE-2024-4999 Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...