Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Tenda i12 Router Authentication Bypass via Path Traversal
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A critical authentication bypass vulnerability (Whitelist Bypass via Path Traversal) exists in the Tenda i12 router. This flaw resides within the `…

9Router Missing Auth on Admin API Endpoints Leads to Full Compromise
github.com · 2026-04-10

### Vulnerability Summary: Missing Authentication on 9Router Administrative API Endpoints **1. Vulnerability Overview** * **Vulnerability Name:** Missing Authentication on Administrative API Endpoints…

9Router Broken Access Control Vulnerability in /api/* Endpoints
github.com · 2026-04-10

### Vulnerability Overview A critical Broken Access Control vulnerability exists within the **9Router** project. This flaw stems from improper enforcement of authentication boundaries: while the `/das…

Simple IT Discussion Forum V1.0 SQL Injection Vulnerability in addcomment.php
github.com · 2026-04-10

### Vulnerability Overview * **Affected Product**: Simple IT Discussion Forum (Simple IT Discussion Forum Project V1.0) * **Affected File**: `/functions/addcomment.php` * **Vulnerability Type**: SQL I…

Apache OpenMeetings Insufficient Privileges in FileWebService (CVE-2026-33005)
lists.apache.org · 2026-04-10

### Vulnerability Key Information Summary * **Vulnerability Overview** * **CVE ID**: CVE-2026-33005 * **Vulnerability Name**: Apache OpenMeetings: Insufficient checks in FileWebService (Insufficient c…

Wago WBM OpenVPN Arbitrary Command Execution Vulnerability (CVE-2024-1490)
certvde.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability ID:** VDE-2024-008 / CVE-2024-1490 * **Description:** A security vulnerability exists in the Web-based Management (WBM) functiona…

Axios SSRF Vulnerability: no_proxy Bypass via Hostname Normalization Flaw
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A Server-Side Request Forgery (SSRF) vulnerability exists in the Axios library. This vulnerability stems from a flaw in the hostname normalization …

WAGO OpenVPN Privilege Escalation RCE (CVE-2024-008) Advisory
wago.csaf-tp.certvde.com · 2026-04-10

### Vulnerability Summary: CVE-2024-008 **Vulnerability Overview** * **CVE ID**: CVE-2024-008 * **Severity**: High * **Description**: A security vulnerability exists in the Web-Based Management (WBM) …

LimeSurvey Authenticated Stored XSS Vulnerability (CWE-79)
gist.github.com · 2026-04-10

### Key Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name**: Authenticated Stored Cross-Site Scripting (SXSS) * **Vulnerability Type**: Injection * **CWE**: CWE-79 (Improper Neut…

phpBB ACP CSRF Vulnerability (CVE-2025-70811) with POC
github.com · 2026-04-10

### Vulnerability Overview * **CVE ID:** CVE-2025-70811 * **Vulnerability Name:** ACP CSRF (Admin Control Panel Cross-Site Request Forgery) * **Description:** The Admin Control Panel (ACP) module (`ad…

phpBB 3.3.15 Login CSRF Vulnerability (CVE-2025-70810) with PoC
gist.github.com · 2026-04-10

### Vulnerability Summary: CVE-2025-70810 **1. Vulnerability Overview** * **CVE ID:** CVE-2025-70810 * **Vulnerability Type:** Cross-Site Request Forgery (CSRF) * **Affected Version:** phpBB 3.3.15 * …

Apache Airflow JWT Token Not Invalidated on Logout Fix
github.com · 2026-04-10

### Vulnerability Key Information Summary **Vulnerability Overview** When a user performs a logout operation in Apache Airflow, the existing JWT token mechanism fails to invalidate the token immediate…

CVE-2025-14551 Vulnerability Fix: Prevent Logging of Sensitive Identity and Network Secrets
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** * **CVE ID**: CVE-2025-14551 * **Title**: Stop logging identity data and network secrets * **Descr…

MLflow Stored XSS via YAML Deserialization and Authorization Bypass
afine.com · 2026-04-10

### Vulnerability Overview This webpage reveals two critical security vulnerabilities within the MLflow platform: 1. **Stored XSS (via YAML Deserialization)**: * The MLflow frontend uses the insecure …

ChurchCRM SQL Injection Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** SQL injection vulnerabilities were discovered in the following three files within ChurchCRM: * `GroupPropsFormRowOps.php` * `PersonCustomFieldsRowO…

Fast-DDS Integer Overflow Remote DoS Vulnerability Analysis
github.com · 2026-04-10

### Vulnerability Overview This is a remote denial-of-service (DoS) vulnerability located within **Fast-DDS**. * **Trigger Condition**: Occurs when **DDS Security** mode is enabled. * **Attack Vector*…

Kibana SSRF Vulnerability (CVE-2026-33458) Advisory and Mitigation
discuss.elastic.co · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **Name:** Server-Side Request Forgery (SSRF) in Kibana One Workflow * **Type:** CWE-918 - Server…

Kibana Fleet Authorization Bypass Vulnerability (CVE-2026-33461) Information Disclosure
discuss.elastic.co · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** An improper authorization vulnerability (CWE-863) exists in Kibana Fleet, potentially leading to information disclosure (CAPEC-122)…

ElementsKit Elementor Addons <=3.7.9 Stored XSS via Simple Tab Widget
www.wordfence.com · 2026-04-09

### Key Vulnerability Summary **1. Vulnerability Overview** * **Vulnerability Name:** ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

CVE-2026-33466: Logstash Arbitrary File Write and RCE via GeoIP Downloader
discuss.elastic.co · 2026-04-09

### Key Vulnerability Summary **1. Vulnerability Overview** * **Vulnerability Name:** Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write (Logstash中…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.