Security Intel Hub 23488+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

AMF Missing Default Case in Content-Type Switch (CVE-2025-41136)
github.com · 2026-04-22

# [AMF] Missing default case in Content-Type switch in HTTPUEContextTransfer ## Vulnerability Overview In the file `internal/sbi/api/communication.go`, the `HTTPUEContextTransfer` function processes t…

openfga v1.4.1 Host Header Injection Vulnerability Fix
github.com · 2026-04-22

### Vulnerability Overview In version `v1.4.1` of the `openfga` project, there is a security vulnerability. This vulnerability involves the `AuthZEn` discovery metadata, specifically that the publishe…

pyLoad Session Management Fix for GHSA-60hx-chf7-3332
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper User Session Management - **Impact**: When a user is modified/deleted or their password is changed, sessions are not properly inv…

Craft CMS Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves an issue with resource path handling in Craft CMS, specifically manifested in the `AppController.php` and `Application.php` files, where insecure…

CVE-2026-4133: payload-ng Stale Session Privilege Bypass Analysis
github.com · 2026-04-22

# Vulnerability Summary: Stale Session Privilege After Role/Permission Change ## Overview **Title**: Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) **CVE ID**: CVE-…

free5GC PCF Memory Leak DoS via CORS Middleware Registration
github.com · 2026-04-22

# [PCF] Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service ## Vulnerability Overview In the PCF (Policy Control Function) of free5GC, there is a memory leak vulner…

PCF NPCF Sm/Ue Policy Control Unauthenticated Access Leading to SUPI Leakage and Fix
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves the absence of authentication middleware in `smPolicyGroup` and `uePolicyGroup`, allowing unauthenticated requests to directly access business lo…

CVE-2026-40343: UDR fail-open in PolicyDataSubsToNotifyPost allows unintended subscription creation
github.com · 2026-04-22

### Vulnerability Overview **Title**: UDR fail-open request handling in PolicyDataSubsToNotifyPost may allow unintended subscription creation after input errors **Description**: - **Issue**: In the `P…

CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint
github.com · 2026-04-22

# CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint ## Vulnerability Overview - **Vulnerability Type**: Host Header Injection leading to SSRF (Server-Side Request Forgery) - **Affe…

Craft CMS User Group Removal Authorization Bypass (CVE-2026-41128)
github.com · 2026-04-22

# Craft CMS User Group Removal Privilege Escalation Vulnerability Summary ## Vulnerability Overview **Title**: Missing Authorization Check on User Group Removal via save-permissions Action **CVE ID**:…

Craft CMS Authorization Bypass Fix in UsersController (GHS-1q2f-59p3-p3m3)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Type**: Authorization Bypass Vulnerability - **Description**: In the file `src/controllers/UsersController.php`, the functions `actionSavePermissions` and …

CraftCMS File Upload Protocol Bypass Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Type**: File Upload Vulnerability - **Vulnerability Description**: In the `craftcms/cms` project, the `handleUpload` function in the `Asset.php` file conta…

Mozilla Thunderbird 150 Security Advisory: Fixes Multiple High-Severity Vulnerabilities
www.mozilla.org · 2026-04-22

# Mozilla Security Advisory 2026-33: Summary of Security Vulnerability Fixes in Thunderbird 150 ## Vulnerability Overview Mozilla has released Thunderbird version 150, which fixes multiple security vu…

Mozilla Thunderbird 140.10 Security Advisory: Multiple CVEs Fixed
www.mozilla.org · 2026-04-22

# Mozilla Security Advisory 2026-34 Summary ## Vulnerability Overview The Mozilla Foundation has released a security advisory addressing multiple security vulnerabilities in Thunderbird 140.10. These …

AVideo CVE-2026-33502 Command Injection Vulnerability Analysis and Fix
github.com · 2026-04-22

# Vulnerability Summary: CVE-2026-33502 ## Overview * **Vulnerability Name**: AVideo Command Injection Vulnerability (CVE-2026-33502) * **Vulnerability Type**: CWE-78 (OS Command Injection) * **Severi…

Live Plugin statusURL Protocol Whitelist Bypass Fix
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves enhanced URL validation, specifically protocol whitelist verification for `statusURL`. The current code fails to properly validate the protocol o…

CloneSite Plugin Command Injection Fix Analysis
github.com · 2026-04-22

### Vulnerability Overview This vulnerability involves improper escaping of shell parameters when cloning repository URLs and SQL dump files, leading to potential security risks. ### Impact Scope - **…

CloneSite Plugin RCE Vulnerability (CVE-2024-41304) Analysis and Exploitation
github.com · 2026-04-22

# RCE caused by CloneSite plugin ## Vulnerability Overview The `cloneClient.json.php` endpoint in the CloneSite plugin contains a remote code execution (RCE) vulnerability. This endpoint constructs sh…

OAuth2 Proxy CVE-2024-41059 Authentication Bypass via Fragment Confusion
github.com · 2026-04-22

# Vulnerability Overview **Title**: Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex **CVE ID**: CVE-2024-41059 **CVSS v3 Score**: 8.2 / 10 (High) **Reporter**: roo…

OAuth2 Proxy X-Forwarded-Uri Header Spoofing Authentication Bypass
github.com · 2026-04-22

# Vulnerability Summary: OAuth2 Proxy X-Forwarded-Uri Header Spoofing Bypasses Authentication ## Vulnerability Overview OAuth2 Proxy has a configuration-dependent authentication bypass vulnerability. …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
