Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

wolfSSL DTLS 1.3 ACK Heap Overflow Vulnerability Fix Analysis
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** This PR fixes a vulnerability in the ACK (Acknowledgement) management mechanism within the DTLS 1.3 protocol implementation of the wolfSSL library.…

Path Traversal Fix: agent/memory/service.py and web_channel.py
github.com · 2026-04-10

### Vulnerability Summary * **Vulnerability Overview**: This is a **Path Traversal** vulnerability. An attacker can construct a special filename parameter to bypass restrictions and access system file…

wolfSSL Memory Safety Fixes: TLS1.3 Integer Underflow, Heap Overflow, Cert Parsing OOB
github.com · 2026-04-10

### Vulnerability Overview This page refers to Pull Request #10079 of the wolfSSL project, titled "Various GI and ZD fixes." This PR aims to resolve multiple memory safety and integer overflow issues …

Path Traversal Arbitrary File Read in chatgpt-on-wechat /api/memory/content
github.com · 2026-04-10

# Vulnerability Summary: Path Traversal Leading to Arbitrary File Read (#2734) ## 1. Vulnerability Overview This is a critical **Path Traversal** vulnerability existing in the `chatgpt-on-wechat` (Cow…

TOTOLINK A7100RU cstcgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

### A7100RU Vulnerability Summary **Vulnerability Overview** A command injection vulnerability has been discovered in the `cstcgi.cgi` file of the TOTOLINK A7100RU router. This vulnerability allows a …

Simple IT Discussion Forum V1.0 user_id SQL Injection Vulnerability
github.com · 2026-04-10

### Vulnerability Overview This vulnerability exists in the `/crud.php` file of the **Simple IT Discussion Forum Project V1.0** project. Due to insufficient input validation of the `user_id` parameter…

wolfSSL PR #10088: Fixes ZD 21412-21426 vulns and session cache buffer overflow
github.com · 2026-04-10

# Security Fix Summary (PR #10088) ## Vulnerability Overview This is a batch containing multiple security fixes primarily targeting the **wolfSSL** library. This batch addresses **9** vulnerabilities …

MetaGPT Terminal.run_command Command Injection RCE
github.com · 2026-04-10

### Vulnerability Overview The `Terminal.run_command()` function in the MetaGPT project contains a command injection vulnerability. This function exposes a command execution interface to LLM (Large La…

MetaGPT Command Injection RCE in get_mime_type via shell=True
github.com · 2026-04-10

### Vulnerability Overview The `get_mime_type()` function in MetaGPT incorrectly uses `shell=True` when calling `shell_execute()`. An attacker can trigger command injection by injecting shell metachar…

PublicCMS FreeMarker SSTI RCE via Unrestricted Application Context
github.com · 2026-04-10

# PublicCMS FreeMarker SSTI Vulnerability Summary ## Vulnerability Overview PublicCMS utilizes FreeMarker as its template engine. Although multiple layers of SSTI protection have been implemented (suc…

TOTOLINK A7100RU cstecgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

### A7100RU Vulnerability Summary **Vulnerability Overview** A command injection vulnerability exists in the `cstecgi.cgi` file of the TOTOLINK A7100RU router. An attacker can execute arbitrary operat…

Tenda F451 Router CVE-2026-5991 Stack-Based Buffer Overflow Advisory
vuldb.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name**: Tenda F451 1.0.0.7 /goform/WrlExtraSet formWrlExtraSet GO stack-based overflow * **CVE ID**: CVE-2026-…

D-Link DIR-605L curTime Buffer Overflow Vulnerability (CVE-2026-5984) Analysis
vuldb.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name**: D-Link DIR-605L 2.13B01 POST Request /goform/formSetLog curTime buffer overflow * **CVE ID**: CVE-2026…

D-Link DIR-605L Router curTime Buffer Overflow Vulnerability (CVE-2026-5981)
vuldb.com · 2026-04-10

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name**: D-Link DIR-605L 2.13B01 POST Request /goform/formAdvFirewall curTime buffer overflow * **CVE ID**: CVE…

ReDoS Vulnerability in jsVideoUrlParser Library
github.com · 2026-04-10

### Vulnerability Overview This is a Regular Expression Denial of Service (ReDoS) vulnerability. In the `getTime()` function (line 97) of the `lib/util.js` file within the `jsVideoUrlParser` library, …

ReDoS Vulnerability in js-video-url-parser Library
github.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** This is a Regular Expression Denial of Service (ReDoS) vulnerability. In the `lib/util.js` file of the `js-video-url-parser` librar…

TOTOLINK A7100RU cstcgi.cgi Command Injection Vulnerability Analysis
github.com · 2026-04-10

### A7100RU Vulnerability Summary **Vulnerability Overview** A command injection vulnerability has been identified in the `cstcgi.cgi` component of the TOTOLINK A7100RU router. This vulnerability allo…

TOTOLINK A7100RU cstcgi.cgi Command Injection Vulnerability with PoC
github.com · 2026-04-10

### A7100RU Vulnerability Summary **Vulnerability Overview** A command injection vulnerability has been identified in the `cstcgi.cgi` component of the TOTOLINK A7100RU router. An attacker can craft r…

wolfSSL Fix: Insufficient Digest Size Enforcement in Signature Gen/Verify
github.com · 2026-04-10

# Vulnerability Summary ## Vulnerability Overview This Pull Request addresses a vulnerability in the wolfSSL library where insufficient enforcement was applied to **digest size** during **signature ge…

Tenda F451 Router Stack Buffer Overflow in fromSafeEmailFilter Function
github.com · 2026-04-10

### Vulnerability Summary **1. Vulnerability Overview** The `fromSafeEmailFilter` function in Tenda F451_kfw products contains a **Buffer Overflow** vulnerability. Located within a user-supplied param…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
