
Security Intel Hub 23798+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

HotChocolate GraphQL Parser Stack Overflow Fix (Depth Limit)
github.com · 2026-04-18

**Vulnerability Overview**
- **Vulnerability Description**: Add depth limit to GraphQL parser.
- **Submitter**: @michaelstaib
- **Related PR**: #9528

**Impact Scope**
- **Affected Version**: 15.1.14 -…

ChurchCRM IDOR and Privilege Escalation Vulnerability Fix Analysis
github.com · 2026-04-18

**Vulnerability Summary: ChurchCRM IDOR and Permission Bypass**

**Vulnerability Overview**: This Pull Request fixes two critical security issues in ChurchCRM:
1. **IDOR (Insecure Direct Object Reference)*…

HotChocolate Utf8GraphQLParser Stack Overflow Vulnerability Analysis
github.com · 2026-04-18

**Vulnerability Summary: Utf8GraphQLParser Stack Overflow Vulnerability**

**Overview**
- **Vulnerability Name**: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents
- **Severity**: Criti…

ChurchCRM Backup Restore Path Traversal RCE Fix
github.com · 2026-04-18

**Vulnerability Overview**: This vulnerability involves insufficient validation of extracted image files during the backup restoration process, which may allow malicious files (such as PHP scripts) to …

ChurchCRM Backup Restore RCE Fix: Validate Extracted Images
github.com · 2026-04-18

**Vulnerability Overview**
- **Vulnerability Name**: security: validate extracted images in backup restore #8610
- **Vulnerability Description**: During the backup restoration process, extracted image…

Stored XSS in ChurchCRM UserEditor.php via Login Name Field
github.com · 2026-04-18

**Vulnerability Summary: Stored XSS in UserEditor.php via Login Name Field**

**Vulnerability Overview**: ChurchCRM has a stored cross-site scripting (XSS) vulnerability. When an administrator saves a user…

Stored XSS in ChurchCRM PledgeEditor.php via Donation Comment Field (CVE-2025-40483)
github.com · 2026-04-18

**Vulnerability Overview**
- **Title**: Stored XSS in PledgeEditor.php via Donation Comment Field
- **CVE ID**: CVE-2025-40483
- **Severity**: Moderate (5.4 / 10)
- **Reporter**: Ayhan Bayıldız
- **Description**:…

ChurchCRM PledgeEditor SQL Injection Vulnerability Fix Analysis
github.com · 2026-04-18

**Vulnerability Overview**: The webpage screenshot shows a commit related to fixing an SQL injection vulnerability. The vulnerability is located in the `PledgeEditor` query, specifically involving quer…

ChurchCRM Authenticated RCE via Unrestricted PHP File Write in Database Restore (CVE-2026-40484)
github.com · 2026-04-18

**Vulnerability Summary: Remote Code Execution Vulnerability in ChurchCRM Database Restore Function**

**Overview**
- **Vulnerability Name**: Authenticated Remote Code Execution via Unrestricted PHP File …

ChurchCRM CVE-2025-40582 Authentication Bypass via /api/public/user/login
github.com · 2026-04-18

**Vulnerability Summary: ChurchCRM Authentication Bypass Vulnerability**

**Overview**
- **Vulnerability Name**: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout …

ChurchCRM IDOR Vulnerability Fix Analysis
github.com · 2026-04-18

**Vulnerability Summary**

**Vulnerability Overview**: **IDOR (Insecure Direct Object Reference) Vulnerability**. An insecure direct object reference vulnerability exists in the implementation of the `EditS…

Composer 2.9.6 Security Update: Command Injection, Credential Leak, and Weak Encryption Fixes
github.com · 2026-04-18

**Composer 2.9.6 Security Update Summary**

**Vulnerability Overview**: Composer version 2.9.6 fixes multiple critical security vulnerabilities, mainly involving command injection, credential leakage, and …

ChurchCRM IDOR Vulnerability in /api/person Endpoint
github.com · 2026-04-18

**Vulnerability Summary: Missing Object-Level Authorization (IDOR) in ChurchCRM / CRM**

**Vulnerability Overview**
* **Vulnerability Type**: Missing Object-Level Authorization (IDOR)
* **Affected Compone…

VoiceServer SSRF and Rate Limit Bypass Vulnerability Fix
github.com · 2026-04-18

**Vulnerability Summary**

**Overview**: This vulnerability involves security issues related to **SSRF (Server-Side Request Forgery)** and **rate limit bypass**. Specifically, VoiceServer has the following…

Hyper-V stubber.go path escape vulnerability fix
github.com · 2026-04-18

**Vulnerability Overview**
- **Vulnerability Name**: hyperv: fix powershell path escape
- **Vulnerability Description**: In the `stubber.go` file of Hyper-V, there is a path escaping issue that may ca…

ChurchCRM Username Enumeration Vulnerability (CVE-2024-40485) with POC
github.com · 2026-04-18

**Vulnerability Summary: ChurchCRM Username Enumeration Vulnerability**

**Overview**: The public REST API login endpoint (`/api/public/user/login`) of ChurchCRM contains a **username enumeration vulnerabi…

ChurchCRM <= 7.1.2 CSRF Vulnerability Leading to Permanent Data Deletion
github.com · 2026-04-18

**Vulnerability Summary: ChurchCRM Cross-Site Request Forgery (CSRF) Leading to Permanent Data Deletion**

**Vulnerability Overview**: The `SelectDelete.php` endpoint in ChurchCRM has a CSRF vulnerability.…

Terrarium Python Sandbox Escape and DoS Vulnerability Analysis
github.com · 2026-04-18

| Item | Content |
| :--- | :--- |
| **Vulnerability Overview** | **Sandbox Escape Risk**: This Python sandbox (Terrarium) runs on Pyodide. Although it is designed to restrict multi-threading, subproc… |

FuelPHP Installer.php Module Installation Privilege Escalation Analysis
github.com · 2026-04-18

**Vulnerability Overview**: The webpage screenshot shows a file named `Installer.php`, located in the `fuel/modules/fuel/controllers/` directory. This file contains a potential security vulnerability, …

DataEase SQL Injection Vulnerability (CVE-2025-33083) Analysis and POC
github.com · 2026-04-18

**SQL Injection Vulnerability Summary**

**Vulnerability Overview**
- **Vulnerability Name**: SQL Injection in Order By Clause
- **CVE ID**: CVE-2025-33083
- **Severity**: High
- **Affected Versions**…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
