Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Simple Music Cloud v1.0 SQL Injection Vulnerability and POC
github.com · 2026-04-18

# Simple Music Cloud Community System v1.0 SQL Injection Vulnerability ## Vulnerability Overview Simple Music Cloud Community System v1.0 contains a SQL injection vulnerability. An attacker can constr…

Simple Music Cloud v1.0 SQL Injection Vulnerability with POC
github.com · 2026-04-18

# Simple Music Cloud Community System v1.0 SQL Injection Vulnerability ## Vulnerability Overview Simple Music Cloud Community System v1.0 contains a SQL injection vulnerability. Attackers can construc…

Snipe-IT Stored XSS Vulnerability (CVE-2025-63743) Analysis and POC
github.com · 2026-04-18

# CVE-2025-63737 Vulnerability Summary ## Overview * **Vulnerability Name**: Snipe-IT Stored Cross-Site Scripting (Stored XSS) * **CVE ID**: CVE-2025-63743 * **Vulnerability Type**: Stored Cross-Site …

Simple Music Cloud v1.0 SQL Injection Vulnerability in view_playlist Parameter
github.com · 2026-04-18

# Simple Music Cloud Community System v1.0 SQL Injection Vulnerability ## Vulnerability Overview Simple Music Cloud Community System v1.0 contains a SQL injection vulnerability. This vulnerability is …

Vehicle Showroom Management System V1.0 Unauthenticated SQL Injection in BRANCH_ID
github.com · 2026-04-18

# Vulnerability Summary: Vehicle Showroom Management System SQL Injection ## Overview * **Vulnerability Name**: Vehicle Showroom Management System Project V1.0 `/util/MonthTotalReportUpdateFunction.ph…

Emissary Executrix File Extension Injection Fix
github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves insufficient validation and sanitization of file extension values, which could allow shell/meta-character injection. Specifically, the `inFileEnd…

NovumOS v0.24 Kernel Privilege Escalation Fixes and IDT Hardening
github.com · 2026-04-18

# NovumOS v0.24 Security Vulnerability Fix Summary ## Vulnerability Overview This update fixes multiple privilege escalation vulnerabilities that could allow Ring 3 processes to execute arbitrary Ring…

HostBill Admin Panel Server-Side Validation Bypass via CSV Import and Request Tampering
github.com · 2026-04-18

# HostBill CVEs-2025 Vulnerability Summary ## Vulnerability Overview The HostBill admin panel has a missing server-side validation vulnerability, allowing administrators to bypass mandatory client reg…

NSA Emissary CVE-2025-35582 OS Command Injection Vulnerability and POC
github.com · 2026-04-18

# Vulnerability Summary: Executrix Command Injection Vulnerability ## Overview **Vulnerability Name**: OS Command Injection via Unvalidated `IN_FILE_ENDING` / `OUT_FILE_ENDING` in 'Executrix' **Vulner…

NovuOS CVE-2024-40317 Arbitrary Code Execution via Syscall 12
github.com · 2026-04-18

# Vulnerability Summary: Arbitrary Code Execution via Syscall 12 (JumpToUser) ## Overview - **Vulnerability Name**: Arbitrary Code Execution via Syscall 12 (JumpToUser) - **Description**: Syscall 12 (…

Vehicle Parking Area Management System v1.0 SQL Injection Vulnerability with POC
github.com · 2026-04-18

# Vehicle Parking Area Management System v1.0 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Vulnerable File**: `/parking/manage_park.php` - **Vulner…

CVE-2024-35469: moby/spdystream SPDY Frame Parsing Memory Exhaustion DoS
github.com · 2026-04-18

# Vulnerability Summary: SPDY Frame Parsing Leads to Memory Amplification and Denial of Service ## Overview In the `moby/spdystream` library, the SPDYv3 frame parser does not validate attacker-control…

Vehicle Parking Area Management System v1.0 SQL Injection Vulnerability and POC
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: Vehicle Parking Area Management System v1.0 SQL Injection - **Vulnerability Type**: SQL Injection - **Vulnerable File**: `/parking/manage_location.…

Vehicle Parking Area Management System v1.0 SQL Injection (CVE-2024-4396) with POC
github.com · 2026-04-18

# Vulnerability Summary: Vehicle Parking Area Management System v1.0 SQL Injection ## Overview - **Vulnerability Type**: SQL Injection - **CVE ID**: CVE-2024-4396 - **Affected Version**: Vehicle Parki…

CVE-2024-40481: Unauthenticated DoS in monetr Stripe Webhook via Unbounded Request Body
github.com · 2026-04-18

# Unauthenticated Stripe Webhook Reads Unbounded Request Body ## Vulnerability Overview - **Vulnerability Name**: Unauthenticated Stripe webhook reads unbounded request bodies - **CVE ID**: CVE-2024-4…

CVE-2024-40572: Zig Local Privilege Escalation via Syscall 15
github.com · 2026-04-18

# Vulnerability Summary: Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) ## Overview - **CVE ID**: CVE-2024-40572 - **CVSS Score**: 9.0/10 (Critical) - **Description**: Syscall 15 (`MemoryMap…

xrdp v0.10.6 Multiple Vulnerabilities Fix and UTMP Session Tracking Defect
github.com · 2026-04-18

### Vulnerability Overview In version `xrdp v0.10.6`, multiple security vulnerabilities exist, specifically including: 1. **CVE-2026-32105** 2. **CVE-2026-32107** 3. **CVE-2026-32623** 4. **CVE-2026-3…

CVE-2024-40170: ngtcp2 qlog Stack Buffer Overflow Vulnerability
github.com · 2026-04-18

# Vulnerability Summary: ngtcp2 qlog Parameter Serialization Stack Buffer Overflow ## Overview In the `ngtcp2` library, when the `qlog` feature is enabled and transport parameters from the peer are pr…

opam 2.5.1 Path Escape Vulnerability Fix (OSEC-2026-03)
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability ID**: OSEC-2026-03 - **Description**: Attempts to escape its scope when the installation field contains target file paths. - **Reporter**: @andrew - **Fixe…

NocoBase plugin-workflow-request SSRF Vulnerability Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves the server-side HTTP request sending logic in the `plugin-workflow-request` plugin of the `nocobase` project. Due to the lack of securit…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.