Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

DataEase SQL Injection Vulnerability (CVE-2025-33083) Analysis and POC
github.com · 2026-04-18

### SQL Injection Vulnerability Summary #### Vulnerability Overview - **Vulnerability Name**: SQL Injection in Order By Clause - **CVE ID**: CVE-2025-33083 - **Severity**: High - **Affected Versions**…

Control Panel SQL Injection Vulnerability and Fix
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: SQL Injection Vulnerability - **Vulnerability Description**: A high-severity SQL injection vulnerability exists in the control panel, specifically …

DataEase Deserialization RCE via Quartz and Commons-Collections POC
github.com · 2026-04-18

# Vulnerability Summary: Quartz Deserialization Leads to Remote Code Execution (RCE) ## Vulnerability Overview The official DataEase image includes the `velocity-1.7.jar` dependency, which relies on t…

Dataease GHSA-944x-93jf-h3rx Arbitrary File Read via JDBC Parameter Bypass and POC
github.com · 2026-04-18

# Arbitrary File Read Vulnerability ## Overview * **Vulnerability Type**: Arbitrary File Read * **Severity**: High * **Vulnerability ID**: GHSA-944x-93jf-h3rx * **Affected Component**: `io.dataease` (…

Unauthenticated Information Disclosure in Craft Commerce (CVE-2025-32270)
github.com · 2026-04-18

# Vulnerability Overview **Title**: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments **Description**: `PaymentsController::acti…

DataEase CVE-2024-40900 SQL Injection via Stacked Queries with POC
github.com · 2026-04-18

# SQL Injection Vulnerability Summary (io.dataease) ## Vulnerability Overview * **Vulnerability Name**: SQL Injection via Stacked Queries * **CVE ID**: CVE-2024-40900 * **Root Cause**: In the `preview…

Composer CVE-2024-40176 Command Injection via Malicious Perforce Config
github.com · 2026-04-18

# Vulnerability Overview **Title**: Command injection via malicious Perforce repository definition **CVE ID**: CVE-2024-40176 **CVSS Score**: 7.8 / 10 (High) **Reporter**: Seldaeck **Published Date**:…

Composer CVE-2024-45261 Command Injection via Perforce Source Reference
github.com · 2026-04-18

# Vulnerability Overview **Title**: Command injection via malicious Perforce source reference/url **CVE ID**: CVE-2024-45261 **Severity**: High (8.8 / 10) **Description**: Composer has a command injec…

CraftCMS Commerce RCE via SQLi and PHP Deserialization (CVE-2026-52271)
github.com · 2026-04-18

# Vulnerability Summary: craftcms/commerce Remote Code Execution Vulnerability ## Overview This vulnerability exists in the TotalRevenue widget of `craftcms/commerce`. An attacker can leverage an SQL …

DataEase v2.10.20 SQL Injection in getFieldEnumObj Endpoint
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: SQL Injection in getFieldEnumObj Endpoint - **Vulnerability Type**: SQL Injection - **Vulnerability Description**: A critical SQL injection vulnera…

DataEase getTextField SQL Injection Vulnerability and POC
github.com · 2026-04-18

# DataEase SQL Injection Vulnerability Summary ## Vulnerability Overview The `getTextField` endpoint of DataEase contains a SQL injection vulnerability. Because the `tableName` parameter is directly c…

Decidim v0.30.5 Security Update: CVE-2026-23891 Fix Guide
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-23891 - **Vulnerability Description**: This vulnerability involves a security issue; specific details will be released on March 30, 2026, wh…

Magick.NET 14.12.0 Security Update: Fixes ImageMagick Heap/Stack Overflows and OOB Read Vulnerabilities
github.com · 2026-04-18

# Magick.NET 14.12.0 Vulnerability Summary ## Vulnerability Overview Magick.NET version 14.12.0 fixes multiple security vulnerabilities originating from ImageMagick, including heap overflow, stack ove…

Docmost Stored XSS Vulnerability Analysis: Unsanitized Attachment URLs
github.com · 2026-04-18

# Docmost Stored XSS Vulnerability Summary ## Vulnerability Overview Docmost does not properly sanitize attachment URLs when accepting them in page content, allowing low-privileged authenticated users…

Dgraph Alpha Unauthenticated /debug/pprof/cmdline Token Disclosure
github.com · 2026-04-18

### Vulnerability Overview **Title**: Unauthenticated `/debug/pprof/cmdline` discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints **Description**: - **Summary**:…

Admin Panel Image Upload RCE Vulnerability Analysis
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: V-01 RCE Vulnerability - **Vulnerability Type**: Remote Code Execution (RCE) - **Vulnerability Description**: In the backend management system, the…

Dolibarr OS Command Injection (RCE) via MAIN_ODT_AS_PDF Configuration
github.com · 2026-04-18

# OS Command Injection (RCE) via MAIN_ODT_AS_PDF Configuration ## Vulnerability Overview Dolibarr contains a remote code execution (RCE) vulnerability. When the system attempts to convert an ODT docum…

EspoCRM SSRF Vulnerability Fix and Bypass Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves bypassing hostname resolution in `curl` requests. An attacker can construct specific URLs to bypass internal host checks and access inte…

SQL Injection in admin/editcourse.php with POC
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Type**: SQL Injection (V-01 SQL Injection) - **Vulnerability Location**: `admin/editcourse.php?id` - **Vulnerability Description**: In the backend manageme…

Fix for Missing Authorization Check in Go Backend (CWE-862)
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability ID**: CWE-862 - **Description**: Missing authorization checks lead to improper access control of assets. - **Impact**: Attackers may be able to ac…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.