
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Fix for CWE-208 Timing Attack in Go Auth Module with POC
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves addressing CWE-208 issues during the internal login process. CWE-208 is a timing-related vulnerability that may lead to information leakage or de…

WAVLINK WN530H4 Router set_add_routing Command Injection Vulnerability and POC
github.com · 2026-04-18

# WAVLINK WN530H4 Router `set_add_routing` Command Injection Vulnerability Summary ## Vulnerability Overview A critical OS command injection vulnerability has been discovered in the firmware of the WA…

cc-switch Local Proxy CORS Misconfiguration Enables API Key Abuse
github.com · 2026-04-18

# [Security] CORS Misconfiguration in Local Proxy Enables 1-Click API Key Abuse #1841 ## Vulnerability Overview The cc-switch local proxy server (default listening on `127.0.0.1:15721`) has an overly …

CVE-2026-3808: Authentication Bypass in @fastify/express Middleware
github.com · 2026-04-18

# Vulnerability Summary: Fastify/Express Middleware Authentication Bypass ## Vulnerability Overview **CVE-2026-3808** | **Severity: Critical (9.1/10)** Fastify/Express v0.4.0 does not normalize URLs b…

EspoCRM importEmi IDOR Vulnerability: Unauthorized Attachment Read/Delete
github.com · 2026-04-18

# Vulnerability Summary: EspoCRM Email importEmi Unauthorized Read and Delete of Attachments ## Overview The `POST /api/v1/Email/importEmi` endpoint in EspoCRM has a logic flaw. This endpoint allows a…

Fix for Unauthorized Access Vulnerability in Email Attachment Import
github.com · 2026-04-18

# Vulnerability Summary ## Overview This commit fixes a security vulnerability in the email attachment import feature. The main issues are: - Attachment ID validation logic was removed - Missing check…

SQL Injection in Daily Expense Tracking System V1.1 /register.php
github.com · 2026-04-18

# PHPGurukul Daily Expense Tracking System V1.1 SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: Daily Expense Tracking Sys…

CVE-2023-0341: Stack Buffer Overflow in libeditorconfig ec_glob()
github.com · 2026-04-18

### Vulnerability Overview **CVE-2023-0341** is a stack buffer overflow vulnerability that occurs in the `ec_glob()` function. This vulnerability allows an attacker to crash any application using `lib…

note-mark v0.19.1 Username Enumeration via Timing Side-Channel (CVE-2024-40263)
github.com · 2026-04-18

# Vulnerability Intelligence Summary ## Overview - **Vulnerability Name**: Information Disclosure: Username Enumeration via Login Endpoint (Timing Side-Channel) - **Vulnerability Type**: Timing Side-C…

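The Go auth-module CWE-208 fix and the note-mark username-enumeration entry above describe the same defect class: a login path whose duration depends on whether the username exists or on how far a comparison got before the first mismatch. The following Go program is an added illustration written for this page, not code from either project. The user table, the hashing scheme (plain SHA-256, chosen only to keep the example short) and the dummy hash are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// users maps a username to the SHA-256 of its password. Constructed sample
// data for this example only; a real service stores slow, salted hashes
// (bcrypt, scrypt or argon2) and reads them from a database.
var users = map[string][32]byte{
	"alice": sha256.Sum256([]byte("correct horse battery staple")),
}

// dummyHash is what an unknown username is compared against, so a failed
// lookup performs the same hashing and comparison work as a wrong password.
var dummyHash = sha256.Sum256([]byte("placeholder, never a real credential"))

// LoginLeaky shows the CWE-208 pattern. An unknown username returns before
// any hashing happens, and the byte-by-byte comparison exits at the first
// mismatch, so response time reveals both whether the user exists and how
// many leading bytes of the hash matched.
func LoginLeaky(user, password string) bool {
	stored, ok := users[user]
	if !ok {
		return false // fast path: "no such user" is measurably quicker
	}
	got := sha256.Sum256([]byte(password))
	for i := range got {
		if got[i] != stored[i] {
			return false // early exit: duration depends on the matching prefix
		}
	}
	return true
}

// LoginConstantTime hashes and compares on every request, known user or not.
// subtle.ConstantTimeCompare's duration depends only on the input length, and
// the "user exists" bit is folded into the result with a bitwise AND rather
// than a data-dependent return, so the two failure cases look alike.
func LoginConstantTime(user, password string) bool {
	stored, ok := users[user]
	found := 0
	if ok {
		found = 1
	} else {
		stored = dummyHash // same work for unknown users
	}
	got := sha256.Sum256([]byte(password))
	// A match against dummyHash must never authenticate, hence "& found".
	return subtle.ConstantTimeCompare(got[:], stored[:])&found == 1
}

func main() {
	for _, c := range [][2]string{
		{"alice", "correct horse battery staple"},
		{"alice", "wrong"},
		{"mallory", "placeholder, never a real credential"},
	} {
		fmt.Printf("%-8s leaky=%-5v constant=%v\n", c[0],
			LoginLeaky(c[0], c[1]), LoginConstantTime(c[0], c[1]))
	}
}
```

Both functions return the same decisions; only the work performed per request differs. When verifying a fix like this, measure the login endpoint with a known and an unknown username over many samples rather than reading the code alone: a slow password hash that runs only for existing users is the most common way the leak survives a "constant-time compare" patch.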
FFmpeg zmqsend Buffer Overflow Vulnerability Analysis
github.com · 2026-04-18

### Vulnerability Overview The file under analysis is `zmqsend.c`, a C source file in the FFmpeg project. The code involves the use of the ZeroMQ library for sendin…

@fastify/express Path Double Registration Auth Bypass Vulnerability
github.com · 2026-04-18

# Fastify/Express Middleware Path Double Registration Leads to Authentication Bypass Vulnerability Summary ## Vulnerability Overview Fastify/Express v4.0.4 contains a path handling bug. When a child p…

Stored XSS via Unrestricted Asset Upload (v0.19.1)
github.com · 2026-04-18

# Stored XSS via Unrestricted Asset Upload ## Vulnerability Overview This is a stored same-origin cross-site scripting (Stored Same-Origin XSS) vulnerability. It allows any authenticated user to uploa…

note-mark v0.19.1 Broken Access Control on Asset Download
github.com · 2026-04-18

# Broken Access Control on Asset Download ## Vulnerability Overview - **Vulnerability Type**: Broken Access Control - **Description**: In the `note-mark` project, the asset download route is registere…

Fastify Proxy Connection Header Abuse Bypasses Access Control
github.com · 2026-04-18

# Vulnerability Summary: Connection Header Abuse Enables Stripping of Proxy-Added Headers ## Vulnerability Overview This vulnerability exists in `@fastify/reply-from` and `@fastify/http-proxy`. Due to…

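The mechanism behind the `@fastify/reply-from` entry above is general to any reverse proxy: RFC 7230 requires a proxy to remove the headers a client names in its `Connection` header before forwarding, and if the proxy adds its own headers before that removal runs, the client can name those too and have them stripped. The Go program below is an added example written for this page; it does not reproduce the Fastify code, and the proxy-added header names (`X-Forwarded-For`, `X-Internal-Role`) are constructed to make the effect visible.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// hopByHop lists header names a proxy always removes (RFC 7230 section 6.1),
// in addition to whatever the client lists in Connection.
var hopByHop = []string{"Connection", "Keep-Alive", "Proxy-Connection", "Te",
	"Trailer", "Transfer-Encoding", "Upgrade"}

// connectionTokens returns the header names the client's Connection header
// declares hop-by-hop. "close" and "keep-alive" are connection options, not
// header names, and are skipped.
func connectionTokens(h http.Header) []string {
	var names []string
	for _, v := range h.Values("Connection") {
		for _, tok := range strings.Split(v, ",") {
			tok = strings.TrimSpace(tok)
			if tok == "" || strings.EqualFold(tok, "close") || strings.EqualFold(tok, "keep-alive") {
				continue
			}
			names = append(names, tok)
		}
	}
	return names
}

// stripHopByHop deletes client-declared and standard hop-by-hop headers.
func stripHopByHop(h http.Header) {
	for _, n := range connectionTokens(h) {
		h.Del(n)
	}
	for _, n := range hopByHop {
		h.Del(n)
	}
}

// proxyAdded are headers the proxy sets for the upstream. Constructed for the
// example: the names and values are assumptions, not any real project's.
var proxyAdded = map[string]string{
	"X-Forwarded-For": "203.0.113.7",
	"X-Internal-Role": "anonymous",
}

// BuildUpstreamHeadersVulnerable uses the bad ordering: proxy headers are
// added first, then stripping runs over the merged set, so a client that
// names them in Connection removes the proxy's own additions.
func BuildUpstreamHeadersVulnerable(client http.Header) http.Header {
	out := client.Clone()
	for k, v := range proxyAdded {
		out.Set(k, v)
	}
	stripHopByHop(out)
	return out
}

// BuildUpstreamHeadersFixed strips client-controlled hop-by-hop headers
// first and adds the proxy's headers afterwards, so Connection can only
// remove what the client itself sent.
func BuildUpstreamHeadersFixed(client http.Header) http.Header {
	out := client.Clone()
	stripHopByHop(out)
	for k, v := range proxyAdded {
		out.Set(k, v)
	}
	return out
}

func main() {
	req := http.Header{}
	req.Set("Connection", "close, X-Forwarded-For, X-Internal-Role") // attacker-controlled
	req.Set("X-Internal-Role", "admin")                             // smuggled value
	fmt.Println("vulnerable:", BuildUpstreamHeadersVulnerable(req))
	fmt.Println("fixed:     ", BuildUpstreamHeadersFixed(req))
}
```

With the vulnerable ordering the upstream receives neither `X-Forwarded-For` nor `X-Internal-Role`, so whatever default it applies for a missing header takes effect; with the fixed ordering the client's smuggled `X-Internal-Role: admin` is removed and the proxy's value is what arrives. The same ordering rule applies to headers a proxy overwrites rather than adds.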
Fix for getHostName Sensitive Info Leak in Go runtime/template/v2 Module
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Description**: In the `runtime/template/v2` module, the `getHostName` function was incorrectly exposed to template functions, which may lead to sensitive i…

EspoCRM <9.3.2 Attachment SSRF via DNS Rebinding
github.com · 2026-04-18

# SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) achieved through DNS …

EspoCRM 9.3.3 Stored HTML Injection Vulnerability with POC
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: Stored HTML Injection - **Vulnerability Description**: In EspoCRM, there is a stored HTML injection vulnerability that allows authenticated users w…

Maddy LDAP Injection Fix GHSA-5835-4gvc-32pc
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: auth/ldap: Fix GHSA-5835-4gvc-32pc - **Vulnerability Description**: Add proper escaping when constructing LDAP search filter expressions. ### Impac…

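The Maddy advisory above is fixed by escaping values before they are placed in an LDAP search filter. The Go program below is an added example of that escaping, written for this page and not taken from Maddy; it follows RFC 4515 section 3, which requires `*`, `(`, `)`, `\` and NUL to be written as a backslash followed by the byte's two hex digits, and it additionally escapes every non-printable or non-ASCII byte, which the RFC permits. The filter template and usernames are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// EscapeFilterValue escapes a value for use inside an LDAP search filter
// (RFC 4515 section 3). The mandatory set is * ( ) \ and NUL; bytes outside
// printable ASCII are escaped too so multi-byte input cannot be misread.
func EscapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20 || c > 0x7e:
			fmt.Fprintf(&b, "\\%02x", c) // e.g. '*' -> \2a
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildUserFilterUnsafe is the injectable pattern: the username is spliced
// into the filter verbatim, so "*" matches every person and ")(" sequences
// let the caller add their own filter components.
func BuildUserFilterUnsafe(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", username)
}

// BuildUserFilter escapes the username first; the value can then only ever
// be compared, never parsed as filter syntax.
func BuildUserFilter(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", EscapeFilterValue(username))
}

func main() {
	// Constructed inputs: a normal name, a wildcard, a filter-structure
	// injection attempt and a value containing a backslash.
	for _, u := range []string{"alice", "*", "admin)(|(uid=*", `back\slash`} {
		fmt.Printf("unsafe: %s\n  safe: %s\n", BuildUserFilterUnsafe(u), BuildUserFilter(u))
	}
}
```

Escaping is the correct fix for values; distinguished names placed into a base DN need the separate RFC 4514 rules, and a username used in both places must be escaped twice, once per grammar.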
EspoCRM Authenticated SSRF via IPv4 Notation Bypass (CVE-2024-XXXX)
github.com · 2026-04-18

# Vulnerability Summary: Authenticated SSRF via Internal-Host Validation Bypass Using Alternative IPv4 Notation ## Overview There is an authenticated Server-Side Request Forgery (SSRF) vulnerability i…

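The two EspoCRM SSRF entries above (DNS rebinding in `fromImageUrl`, and the alternative-IPv4-notation bypass) fail for the same reason: the check examines the host string, while the fetch resolves and connects to whatever that string means to the HTTP client. The Go program below is an added example for this page, not EspoCRM's PHP code, of the two controls that close both gaps: normalise every IPv4 spelling the `inet_aton(3)` family accepts before checking it, and connect to the exact address that was checked rather than resolving the name again. The hostnames, addresses and the injected `lookup` function are constructed so the example runs offline.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// cgnat is 100.64.0.0/10, which net.IP.IsPrivate does not cover.
var _, cgnat, _ = net.ParseCIDR("100.64.0.0/10")

// IsForbiddenIP reports whether an address must never be fetched on a user's
// behalf: loopback, RFC 1918, link-local (incl. 169.254.169.254 metadata),
// CGNAT, unspecified, multicast, broadcast. To4 unwraps IPv4-mapped IPv6
// such as ::ffff:127.0.0.1.
func IsForbiddenIP(ip net.IP) bool {
	if ip4 := ip.To4(); ip4 != nil {
		ip = ip4
	}
	return ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast() ||
		cgnat.Contains(ip) || ip.Equal(net.IPv4bcast)
}

// parseLegacyIPv4 accepts the inet_aton spellings that libc resolvers and
// libcurl understand but net.ParseIP rejects: hex (0x7f.0.0.1), octal
// (0177.0.0.1), one 32-bit integer (2130706433) and short forms (127.1).
// A blocklist that only reads dotted decimal misses all of them.
func parseLegacyIPv4(s string) (net.IP, bool) {
	parts := strings.Split(s, ".")
	if s == "" || len(parts) > 4 {
		return nil, false
	}
	vals := make([]uint64, len(parts))
	for i, p := range parts {
		base := 10
		switch {
		case strings.HasPrefix(p, "0x") || strings.HasPrefix(p, "0X"):
			base, p = 16, p[2:]
		case len(p) > 1 && p[0] == '0':
			base, p = 8, p[1:]
		}
		v, err := strconv.ParseUint(p, base, 32)
		if err != nil {
			return nil, false
		}
		vals[i] = v
	}
	var n uint32
	for _, v := range vals[:len(vals)-1] { // leading components are one byte each
		if v > 255 {
			return nil, false
		}
		n = n<<8 | uint32(v)
	}
	rest := uint(4 - (len(vals) - 1)) // bytes the final component fills
	last := vals[len(vals)-1]
	if last >= uint64(1)<<(8*rest) {
		return nil, false
	}
	n = n<<(8*rest) | uint32(last)
	return net.IPv4(byte(n>>24), byte(n>>16), byte(n>>8), byte(n)), true
}

// CheckHost turns a URL host into addresses (lookup is injected so the
// example runs offline; pass net.LookupIP in production), rejects the whole
// host if any answer is forbidden, and returns the one address to connect to.
func CheckHost(host string, lookup func(string) ([]net.IP, error)) (net.IP, error) {
	var addrs []net.IP
	if ip := net.ParseIP(host); ip != nil {
		addrs = []net.IP{ip}
	} else if ip, ok := parseLegacyIPv4(host); ok {
		addrs = []net.IP{ip}
	} else {
		var err error
		if addrs, err = lookup(host); err != nil {
			return nil, err
		}
	}
	if len(addrs) == 0 {
		return nil, fmt.Errorf("%s resolves to no addresses", host)
	}
	for _, a := range addrs { // one internal answer among public ones still fails
		if IsForbiddenIP(a) {
			return nil, fmt.Errorf("%s resolves to forbidden address %s", host, a)
		}
	}
	return addrs[0], nil
}

// PinnedDialer connects to the address CheckHost approved instead of
// resolving the name again; the second lookup is the DNS-rebinding window.
// Use as &http.Transport{DialContext: PinnedDialer(ip)}; the Host header
// still carries the original name.
func PinnedDialer(pinned net.IP) func(ctx context.Context, network, addr string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		_, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		var d net.Dialer
		return d.DialContext(ctx, network, net.JoinHostPort(pinned.String(), port))
	}
}

func main() {
	for _, h := range []string{"127.1", "0x7f.0.0.1", "0177.0.0.1", "2130706433", "::ffff:127.0.0.1", "93.184.216.34"} {
		_, err := CheckHost(h, net.LookupIP) // literals never reach the resolver
		fmt.Printf("%-18s -> %v\n", h, err)
	}
}
```

Redirects need the same treatment: each `Location` target must go back through `CheckHost` and a fresh `PinnedDialer`, otherwise a public host that 302s to an internal address reopens the hole.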

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
