Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2026-33558: Apache Kafka Information Disclosure Vulnerability
lists.apache.org · 2026-04-20

# CVE-2026-33558: Apache Kafka Information Disclosure Vulnerability ## Vulnerability Overview The `NetworkClient` component of Apache Kafka outputs complete request and response information to the log…

X.org Xserver & Xwayland Security Advisory: UAF and Overflow CVEs
lists.x.org · 2026-04-20

# X.org Security Advisory: Multiple Security Issues ## Vulnerability Overview Multiple security issues have been identified in the X.org server and Xwayland implementations, involving the following th…

Path Traversal in p2r/convert buildCache.js (CVE-22)
github.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability Type**: Path Traversal - **CVE ID**: CVE-22 - **Severity**: High (CVSS v3.1: 7.5) - **Affected Component**: buildCache.js - **Description**: A sec…

p2r3 convert buildCache.js Path Traversal Vulnerability (CVE-2026-6636)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b API buildCache.js Bun.serve pathName path traversal - **CVE ID**: CVE-2026-6636 - **CVS…

p2r3 Convert 1.0.0 Path Traversal Vulnerability (CWE-22)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability ID**: #793436 - **Vulnerability Name**: p2r3 Convert 1.0.0 Path Traversal - **Vulnerability Type**: CWE-22 (Improper Limitation of a Pathname to a Restrict…

usememos/memos Stored XSS and Broken Access Control Vulnerability Analysis
github.com · 2026-04-20

# Vulnerability Summary: Stored XSS and Broken Access Control in usememos ## Overview * **Vulnerability Name**: Stored XSS and Broken Access Control in usememos/memos * **Release Date**: January 31, 2…

CVE-2026-6634: Memos UpdateInstanceSetting Improper Authorization
vuldb.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability Name**: USEMEMOS UP TO 0.22.1 UPDATEINSTANCESETTING SRC/APP.TSX MEMOS_ACCESS_TOKEN ADDITIONALSTYLE/ADDITIONALSCRIPT IMPROPER AUTHORIZATION - **CVE…

Rowboat JWT Signature Confusion Authentication Bypass Analysis
github.com · 2026-04-20

# Vulnerability Summary: Rowboat Critical Authentication Bypass (JWT Signature Confusion) ## 1. Vulnerability Overview * **Vulnerability Name**: Critical Authentication Bypass (JWT Signature Confusion…

Usememos Memos <=0.22.1 Privilege Escalation Stored XSS via UpdateInstanceSetting
vuldb.com · 2026-04-20

# Vulnerability Summary: Usememos Memos 0.22.1 Cross-Site Scripting Vulnerability ## Overview - **Vulnerability ID**: #79342 - **Vulnerability Type**: Cross-Site Scripting (Stored XSS) - **Description…

YiFangCMS 2.0.3 Stored XSS Vulnerability in RBAC Admin Module with POC
github.com · 2026-04-20

# YiFangCMS Cross-Site Scripting (XSS) Vulnerability Summary ## Vulnerability Overview YiFangCMS version 2.0.3 contains a cross-site scripting (XSS) vulnerability in the permission management module a…

Rowboat Labs Rowboat 0.1.67 JWT 'None' Algorithm Authentication Bypass
vuldb.com · 2026-04-20

# Vulnerability Summary: Rowboat Labs Rowboat 0.1.67 Authentication Bypass ## Overview A critical vulnerability has been discovered in the experimental `tools_webhook` component of Rowboat Labs Rowboa…

thin-vec Double Free/UAF in IntoIter::drop Leading to Arbitrary Code Execution
github.com · 2026-04-20

# thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics ## Vulnerability Overview A double free / use-after-free (UAF) vulnerability has been discovered in the implementa…

Tenda F451 httpd webExcTypemanFilter Buffer Overflow (CVE-2026-6631)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: Tenda F451 1.0.0.7_cn_svn7958 httpd webExcTypemanFilter page buffer overflow - **CVE ID**: CVE-2026-6631 - **CVSS Score**: 8.0 (Critical) - **Descr…

Tenda F451 httpd Buffer Overflow Vulnerability (CVE-2026-6632) Analysis
vuldb.com · 2026-04-20

# Vulnerability Summary: Tenda F451 Buffer Overflow Vulnerability ## Overview - **Vulnerability Name**: Tenda F451 1.0.0.7_cn_svn7958 httpd /goform/SafeClientFilter fromSafeClientFilter manufacturer/G…

Tenda F451 httpd dips Buffer Overflow (CVE-2026-6630)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: Tenda F451 1.0.0.7_cn_svn7958 httpd /goform/GstDhcpSetSer fromGstDhcpSetSer dips buffer overflow - **CVE ID**: CVE-2026-6630 - **CVSS Score**: 8.0 …

MetaCRM6 <6.4.0 Unauthenticated SQL Injection in sql.jsp
vuldb.com · 2026-04-20

# Vulnerability Summary: Beijing Meite Software Technology Co., Ltd. MetaCRM6

Cockpit CMS v2.13.5 NoSQL Injection Vulnerability Analysis
github.com · 2026-04-20

# Cockpit CMS v2.13.5 NoSQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: NoSQL Injection * **Vulnerability Type**: Operator Injection & Aggregate Pipeline Inject…

Stored XSS in BichtrGan ISP Billing System (CVE-2026-6622)
github.com · 2026-04-20

# CVE-2026-6622 #18 ## Vulnerability Overview This vulnerability exists in the **BichtrGan ISP Billing System**. The application allows users or administrators to input data into the "Full Name" and "…

Cockpit CMS v2.13.5 NoSQL Injection in Asset Handler and Aggregate Endpoints
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability ID**: #792601 - **Vulnerability Name**: Cockpit-HQ Cockpit CMS 2.13.5 Injection - **Vulnerability Type**: NoSQL Injection (NoSQLi) - **Description**: A cri…

BichiroGan ISP Billing Software 2025.3.20 Stored XSS Vulnerability (CVE-2026-6622)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: BichiroGan ISP Billing Software 2025.3.20 Customer edit cross site scripting - **CVE ID**: CVE-2026-6622 - **CVSS Score**: 2.2 (CVSS v3.0) - **Vuln…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
