
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2026-6623: Stored XSS in BichitroGan ISP Billing System
github.com · 2026-04-20

# CVE-2026-6623 #17 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Stored Cross-Site Scripting (XSS) in BichitroGan ISP Billing System * **CVE ID**: CVE-2026-6623 * **Affect…

Mogu Blog SSRF Vulnerability Analysis (CVE-2026-6625)
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: moxi624 Mogu Blog v2 up to 5.2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forger…

BichitroGan ISP Billing Software 2025.3.20 Stored XSS Vulnerability (CVE-2026-6623)
vuldb.com · 2026-04-20

# Vulnerability Summary: BichitroGan ISP Billing Software 2025.3.20 Cross-Site Scripting Vulnerability ## Overview - **Vulnerability Name**: BichitroGan ISP Billing Software 2025.3.20 Profile Page use…

EcclesiaCRM v8.x SQL Injection Vulnerability (CWE-89) and POC
github.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Vulnerability Description**: The Query Viewer component of EcclesiaCRM v8.x contains an SQL injection vulnerability. This compone…

SKYSEA Client View/SKYMEC IT Manager Improper File Access Privileges Vulnerability CVE-2026-39454 Advisory
www.skyseaclientview.net · 2026-04-20

# 【Important】Improper File Access Permission Setting Vulnerability (CVE-2026-39454) ## Vulnerability Overview * **Release Date**: April 20, 2026 * **Vulnerability ID**: CVE-2026-39454 * **CVSS 4.0 Sco…

Blind SSRF Bypass in Dify <= v1.13.3 via OpenAI Plugin Schema Parser
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: Blind Server-Side Request Forgery (SSRF) Bypass via OpenAI Plugin Manifest Parsing **Description**: A blind Server-Side Request Forgery (SSRF) vulnerability exist…

Sonic Server File Upload Path Traversal Vulnerability Analysis
github.com · 2026-04-20

# Vulnerability Summary: Sonic Server File Upload Path Traversal Vulnerability (#2) ## Vulnerability Overview * **Vulnerability Type**: Path Traversal * **Affected Project**: Sonic Server (sonic-serve…

kdcproxy DoS Vulnerability (CVE-2023-39889) Analysis and Fix
github.com · 2026-04-20

### Vulnerability Overview This vulnerability involves a Denial of Service (DoS) issue in `kdcproxy`, based on unbounded TCP buffering. In the `Application._handle_recv` function, the next part of the…

Dify ImagePreview DOM-based XSS Vulnerability Analysis and Fix
gist.github.com · 2026-04-20

# Vulnerability Summary: DOM-based XSS Vulnerability in Dify ImagePreview Component ## Overview * **Vulnerability Title**: DOM-based XSS in ImagePreview Component via Unsanitized Filename * **Vulnerab…

Nuclei Expression Evaluation Panic Fix for Unresolved Variables
github.com · 2026-04-20

# Vulnerability Summary ## Overview In the `projectdiscovery/nuclei` project, there is a security issue related to expression evaluation. When using helper functions such as `{{base64}}`, if the passe…

Nuclei Expression Injection Vulnerability Fix Analysis
github.com · 2026-04-20

# Vulnerability Summary: Nuclei Expression Injection Fix ## Vulnerability Overview The Nuclei template engine has an expression injection vulnerability. The original implementation first replaced plac…

Nuclei v3.8.0 Fix: Env Var Disclosure via Response-Derived DSL Expressions
github.com · 2026-04-20

# Vulnerability Overview **Title**: Environment variable disclosure via Response-Derived DSL Expressions **Published by**: ehsandeep **Published Date**: 2 days ago **Severity**: Moderate (5.3 / 10) **…

Nuclei Template Expression Double Evaluation Fix
github.com · 2026-04-20

### Vulnerability Overview This vulnerability involves incorrectly evaluating expressions generated by templates. Specifically, after replacing placeholders, the `expressions.Evaluate()` function re-i…

SuperAGI WebScraperTool Full SSRF Vulnerability and POC
gist.github.com · 2026-04-20

# Vulnerability Summary: SuperAGI WebScraperTool SSRF Vulnerability ## Overview **Title**: Full SSRF via WebScraperTool allows authenticated users to access internal services and cloud metadata **Desc…

Blind SSRF in Dify <=0.6.9 via API Tool Remote Schema Fetch
gist.github.com · 2026-04-20

# Vulnerability Summary: Blind SSRF in Remote Schema Retrieval of API Tool ## Overview - **Title**: Blind Server-Side Request Forgery (SSRF) in Remote Schema Retrieval of API Tool - **Description**: A…

Dify SSRF Vulnerability (CVE-2026-6617) Analysis and POC
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-6617 - **Vulnerability Type**: Server-side request forgery (SSRF) - **Vulnerability Description**: A vulnerability was discovered in the `…

SuperAGI Resource Upload Path Traversal Vulnerability Analysis
gist.github.com · 2026-04-20

# Vulnerability Summary: SuperAGI Resource Upload Endpoint Path Traversal Vulnerability ## Overview **Title**: Path Traversal in Resource Upload Endpoint Leads to Arbitrary File Write **Description**:…

LangGenius Dify <=0.6.9 Blind SSRF Vulnerability in ApiToolManageService
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability ID**: #792231 - **Vulnerability Name**: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918) - **Vulnerability Type**: Server-Side Request Forger…

SuperAGI IDOR Vulnerability: Cross-Organization Project Access and Modification
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: IDOR on Project Endpoint Allows Cross-Organization Project Access and Modification **Description**: The project management endpoint allows any authenticated user …

SuperAGI Agent Execution IDOR Vulnerability Analysis
gist.github.com · 2026-04-20

# Vulnerability Summary: IDOR Vulnerability in Agent Execution Endpoints ## Overview **Title**: IDOR Vulnerability in Agent Execution Endpoints Allows Reading and Controlling Any Agent’s Execution **D…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.