Security Intel Hub 23521+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Tenda i9 Router Path Traversal Authentication Bypass

github.com · 2026-04-26

# Tenda i9 路由器路径遍历导致认证绕过漏洞 ## 漏洞概述 Tenda i9 路由器固件中存在一个通过路径遍历（Path Traversal）实现白名单绕过（Whitelist Bypass）的漏洞。该漏洞存在于 `R7WebSecurityHandler` 函数中，该函数本应作为安全守卫，通过检查 URL 前缀（如 `/public/`）来授予对静态资源的未授权访问。然而，应用程序未…

Tenda FH1202 Router formWlExtraSet Buffer Overflow Vulnerability (RCE)

github.com · 2026-04-26

# FH1202 缓冲区溢出漏洞总结 ## 漏洞概述在 Tenda FH1202 路由器的 `formWlExtraSet` 函数中存在一个缓冲区溢出漏洞。该函数读取用户提供的参数 `GO`，并将其传递给 `ask_reboot` 函数，期间没有进行任何长度检查。这导致通过 `sprintf` 函数将数据写入基于栈的缓冲区 `v3` 时发生溢出。 ## 影响范围 - **厂商**: Tenda …

TOTOLINK A8000RU Router ctsecgi.cgi Command Injection Vulnerability with PoC

github.com · 2026-04-26

# A8000RU 命令注入漏洞总结 ## 漏洞概述 TOTOLINK A8000RU 路由器存在命令注入漏洞。攻击者可通过构造恶意请求，在 `ctsecgi.cgi` 中利用 `pptpPassThru` 参数注入任意操作系统命令。 ## 影响范围 - **厂商**: TOTOLINK - **产品**: A8000RU - **版本**: 7.1cu643_b20200521 ## 修复方案 …

Tenda F456 SafeEmailFilter Stack Buffer Overflow Vulnerability Analysis

github.com · 2026-04-26

# F456 Vulnerability Summary ## Overview * **Vulnerability Type**: Buffer Overflow * **Vendor**: Tenda * **Product**: F456 * **Version**: v1.0.0.5 * **Author**: Li Tengzheng * **Description**: In the …

Tenda F456 SafeUrlFilter Stack Buffer Overflow Vulnerability Analysis

github.com · 2026-04-26

Tenda F456 Buffer Overflow in fromRouteStatic Function (RCE/DoS)

github.com · 2026-04-26

# F456 Vulnerability Summary ## Overview - **Vulnerability Type**: Buffer Overflow - **Location**: In the `fromRouteStatic` function, reading the user-provided parameter `page` without length checking…

Tenda F456 Buffer Overflow in fromAddressNat Function (RCE/DoS)

github.com · 2026-04-26

# F456 Vulnerability Summary ## Overview - **Vulnerability Type**: Buffer Overflow - **Vulnerable Location**: `fromAddressNat` function - **Trigger Condition**: The user-provided parameter `mitInterfa…

Tenda F456 v1.0.0.5 Stack-based Buffer Overflow in SafeMacFilter

vuldb.com · 2026-04-26

# Vulnerability Overview - **Vulnerability ID**: #798452 - **Vulnerability Title**: Tenda F456 v1.0.0.5 Stack-based Buffer Overflow - **Vulnerability Type**: Stack buffer overflow - **Submitter**: LzH…

Typecho <=1.3.0 SSRF Vulnerability Analysis: Weak Token Bypass and Gopher Protocol Exploitation

wang1rrr.github.io · 2026-04-26

# Typecho = $from; $i--) { if (sha1($secret . '.' . $i) == $token) { return true; } } return false; } ``` **Issue**: Uses `==` for loose comparison. In PHP, comparing a non-empty string `true` with a …

Typecho <= 1.3.0 Unauthenticated SSRF in Pingback Service

vuldb.com · 2026-04-26

# Vulnerability Summary: SSRF Vulnerability in Typecho 1.3.0 and Earlier Versions ## Vulnerability Overview In Typecho 1.3.0 and earlier versions, the `/actions/service?do=ping` endpoint is vulnerable…

Coze-Studio ExecuteSQL SQL Injection WAF Bypass via Case Sensitivity and Regex Logic

gist.github.com · 2026-04-26

# Vulnerability Summary: Multiple WAF Filter Bypasses in ExecuteSQL ## Vulnerability Overview This vulnerability involves bypassing WAF filters targeting system database access through two specific SQ…

@smythos/sdk Credential Leakage via Unsafe Fallback Mechanism

gist.github.com · 2026-04-26

### Vulnerability Overview **Title**: High Severity Vault Credential Leakage in @smythos/sdk via Insecure Fallback Mechanism **Description**: An insecure credential fallback mechanism exists in `@smyt…

AgentRuntime Debug Header Injection Auth Bypass (RCE)

gist.github.com · 2026-04-26

# Vulnerability Summary: Authentication Bypass via Debug Header Injection in AgentRuntime ## Vulnerability Overview **Title**: Authentication Bypass and Unauthorized Component Execution via HTTP Debug…

smythos <=0.0.15 Auth Bypass Vulnerability (CVE-2024-797643) with POC

vuldb.com · 2026-04-26

# Vulnerability Summary ## Overview - **Vulnerability ID**: #797643 - **Vulnerability Name**: Incorrect Authentication/Authorization Bypass in smythos versions 0.0.15) to fix this authentication and a…

@smythos/sdk <= 0.0.15 Credential Leakage via Unsafe Fallback

vuldb.com · 2026-04-26

# Vulnerability Summary: smythos sdk <= 0.0.15 Credential Leakage (CVE-200) ## Vulnerability Overview An insecure credential fallback mechanism exists in `@smythos/sdk`. If the SDK is initialized with…

sims deleteFileServlet Unauthorized Arbitrary File Delete Vulnerability

vuldb.com · 2026-04-26

# Vulnerability Overview **Title**: sims Latest Unauthorized Arbitrary File Delete Vulnerability **Submission ID**: #797682 **Status**: Verified **Submission Date**: June 4, 2026 **Review Date**: May …

coze-studio <= 0.5.1 SQL Injection via Input Validation Bypass

vuldb.com · 2026-04-26

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: #797644 - **Vulnerability Name**: coze-dev coze-studio <= 0.5.1 SQL Injection (CWE-89) / Improper Input Validation (CWE-20) - …

MaxSite CMS 109.4 Multiple Vulnerabilities (File Upload/SQLi/XSS) Summary

github.com · 2026-04-26

# Vulnerability Summary ## Overview Multiple security vulnerabilities exist in MaxSite CMS version 109.4, primarily involving file upload, SQL injection, cross-site scripting (XSS), and other security…

JWT Authentication Bypass: Hardcoded Key and Self-Comparison Logic Flaw

github.com · 2026-04-26

# Vulnerability Summary ## Overview This vulnerability involves JWT authentication bypass caused by two flaws: 1. **Hardcoded JWT Secret**: `TokenManager` uses a hardcoded default secret `asdwqe`, cau…

DataVines JWT Authentication Bypass via Hardcoded Secret and Self-Comparison Logic

github.com · 2026-04-26

# Vulnerability Summary: DataVines JWT Authentication Bypass ## Overview DataVines has a critical JWT authentication bypass vulnerability caused by two combined flaws: 1. **Hardcoded Secret**: The JWT…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.

Goal Reached Thanks to every supporter — we hit 100%!

Security Intel Hub 23521+