Security Intel Hub 4971+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

MetaGPT Command Injection RCE in get_mime_type via shell=True
github.com · 2026-04-10

Vulnerability Overview: The `get_mime_type()` function in MetaGPT incorrectly uses `shell=True` when calling `shell_execute()`. An attacker can trigger command injection by injecting shell metachar…

PublicCMS FreeMarker SSTI RCE via Unrestricted Application Context
github.com · 2026-04-10

PublicCMS FreeMarker SSTI Vulnerability Summary. Vulnerability Overview: PublicCMS utilizes FreeMarker as its template engine. Although multiple layers of SSTI protection have been implemented (suc…

TOTOLINK A7100RU cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

A7100RU Vulnerability Summary. Vulnerability Overview: A command injection vulnerability exists in the `cstecgi.cgi` file of the TOTOLINK A7100RU router. An attacker can execute arbitrary operat…

Tenda F451 Router CVE-2026-5991 Stack-Based Buffer Overflow Advisory
vuldb.com · 2026-04-10

Vulnerability Key Information Summary. 1. Vulnerability Overview. Vulnerability Name: Tenda F451 1.0.0.7 /goform/WrlExtraSet formWrlExtraSet GO stack-based overflow; CVE ID: CVE-2026-…

D-Link DIR-605L curTime Buffer Overflow Vulnerability (CVE-2026-5984) Analysis
vuldb.com · 2026-04-10

Vulnerability Key Information Summary. 1. Vulnerability Overview. Vulnerability Name: D-Link DIR-605L 2.13B01 POST Request /goform/formSetLog curTime buffer overflow; CVE ID: CVE-2026…

D-Link DIR-605L Router curTime Buffer Overflow Vulnerability (CVE-2026-5981)
vuldb.com · 2026-04-10

Vulnerability Key Information Summary. 1. Vulnerability Overview. Vulnerability Name: D-Link DIR-605L 2.13B01 POST Request /goform/formAdvFirewall curTime buffer overflow; CVE ID: CVE…

ReDoS Vulnerability in jsVideoUrlParser Library
github.com · 2026-04-10

Vulnerability Overview: This is a Regular Expression Denial of Service (ReDoS) vulnerability. In the `getTime()` function (line 97) of the `lib/util.js` file within the `jsVideoUrlParser` library, …

ReDoS Vulnerability in js-video-url-parser Library
github.com · 2026-04-10

Vulnerability Key Information Summary. Vulnerability Overview: This is a Regular Expression Denial of Service (ReDoS) vulnerability. In the `lib/util.js` file of the `js-video-url-parser` librar…

TOTOLINK A7100RU cstcgi.cgi Command Injection Vulnerability Analysis
github.com · 2026-04-10

A7100RU Vulnerability Summary. Vulnerability Overview: A command injection vulnerability has been identified in the `cstcgi.cgi` component of the TOTOLINK A7100RU router. This vulnerability allo…

TOTOLINK A7100RU cstcgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

A7100RU Vulnerability Summary. Vulnerability Overview: A command injection vulnerability has been identified in the `cstcgi.cgi` component of the TOTOLINK A7100RU router. An attacker can craft r…

wolfSSL Fix: Insufficient Digest Size Enforcement in Signature Gen/Verify
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: This Pull Request addresses a vulnerability in the wolfSSL library where insufficient enforcement was applied to digest size during signature ge…

Tenda F451 Router Stack Buffer Overflow in fromSafeEmailFilter Function
github.com · 2026-04-10

Vulnerability Summary. 1. Vulnerability Overview: The `fromSafeEmailFilter` function in Tenda F451_kfw products contains a Buffer Overflow vulnerability. Located within a user-supplied param…

MetaGPT Bash.run() Command Injection Vulnerability Analysis
github.com · 2026-04-10

Vulnerability Summary: Bash.run() Command Injection in MetaGPT. Vulnerability Overview: This vulnerability exists in the `metagpt/tools/libs/terminal.py` file within MetaGPT. The `Bash` class is ex…

TOTOLINK A7100RU cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: A command injection vulnerability has been identified in the `cstecgi.cgi` script of the TOTOLINK A7100RU router. Attackers can inject malicious co…

WolfSSL PKCS7 Streaming Bounds Check Missing Fix
github.com · 2026-04-10

Vulnerability Overview: The WolfSSL library lacks bounds checking when parsing indefinite-length end-of-content markers within PKCS7 streaming. Specifically, the return value of the `XFSEEK` functi…

TOTOLINK A7100RU Router Command Injection Vulnerability Analysis
github.com · 2026-04-10

Vulnerability Overview: The TOTOLINK A7100RU router contains a command injection vulnerability that allows remote attackers to execute arbitrary operating system commands. Scope of Impact: V…

wolfSSL ECC on-curve Validation Missing & Performance Trade-off Analysis
github.com · 2026-04-10

Vulnerability Summary. Vulnerability Overview: A security vulnerability exists in the Elliptic Curve Cryptography (ECC) implementation within the wolfSSL library. Specifically, the validation of…

wolfSSL X.509 notBefore/notAfter Boundary Check Fix
github.com · 2026-04-10

Vulnerability Overview: This Pull Request aims to address the missing boundary checks in the handling of X.509 certificate date fields (`notBefore` and `notAfter`) within the wolfSSL library. The p…

TOTOLINK A7100RU cstcgi.cgi Remote Command Injection Vulnerability with PoC
github.com · 2026-04-10

Vulnerability Overview: A command injection vulnerability has been discovered in the `cstcgi.cgi` file of the TOTOLINK A7100RU router. An attacker can construct a malicious `mode` parameter and pas…

Juniper Junos OS BGP DoS Vulnerability (CVE-2026-33797) Advisory
kb.juniper.net · 2026-04-10

Vulnerability Overview. CVE ID: CVE-2026-33797; Vulnerability Type: Improper Input Validation; Severity: High - CVSS v3.1: 7.4, CVSS v4.0: 7.1; Description: A vulnerabil…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
