Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Axios HTTP/2 Session State Corruption DoS Vulnerability
github.com · 2026-04-09

### Vulnerability Overview A State Corruption Vulnerability exists within the Axios HTTP/2 session cleanup logic. This Denial of Service (DoS) vulnerability allows a malicious server to cause a client…

Stored XSS via srcdoc bypass in cli4cms Google Maps iframe
github.com · 2026-04-09

# Vulnerability Summary: Stored XSS via srcdoc Attribute Bypass in Google Maps iframe Settings ## Vulnerability Overview This is a Stored Cross-Site Scripting (Stored XSS) vulnerability. In the Google…

NQ Vault/iLEAPP Path Traversal Vulnerability and Fix Analysis
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** NQ Vault Path Traversal Vulnerability (NQ Vault path traversal on decrypted file writes) * **Vulnerabi…

Command Injection Fix in parseusb.py via subprocess
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** This commit fixes a **Command Injection** vulnerability in the `parseusb.py` script. The vulnerability primarily exists in the logic handling USB v…

Autopsy Path Traversal Fix in tsk_recover.cpp writeFile
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** This is a **Path Traversal** vulnerability. An attacker can bypass expected directory restrictions by constructing paths containing special charact…

Fix for runtime placeholder injection vulnerability in uac eval command
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** This Pull Request fixes a **runtime placeholder injection vulnerability** (runtime placeholder injection). Attackers can inject mal…

NQ Vault Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** The NQ Vault component contains a **Path Traversal** vulnerability when decrypting files and writing them to disk. An attacker can construct filena…

Siklu EtherHaul 8010 Firmware Decryption & CVE-2025-57175 Exploitation
semaja2.net · 2026-04-09

### Vulnerability Overview This article details security vulnerabilities in the firmware of the **Siklu EtherHaul 8010** device. 1. **Physical Access and UART Acquisition**: Attackers can physically d…

Fix SSRF protection logic in fetch-guard: DNS pinning fallback when trusted proxy is unavailable
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** This commit resolves a conflict between DNS pinning logic and Trusted Environment Proxy logic within the `fetch-guard` module. *…

dfir-unfurl zlib Decompression Bomb DoS Vulnerability and Fix
github.com · 2026-04-09

### Vulnerability Overview A vulnerability exists in the `parse_compressed.py` module of the **dfir-unfurl** library. When calling `zlib.decompress()`, the module fails to set a maximum output size l…

dfir-unfurl Flask Debug Mode Bypass Leading to RCE
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** The `dfir-unfurl` package contains a critical security vulnerability where Flask's debug mode is effectively always enabled by default. * **Root Ca…

MemProcFS 5.17 Concurrency Lock Fix and Plugin Path Resolution
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** The screenshot displays the GitHub commit `df80e6e` for the project `ufrisk/MemProcFS`, updating the version from `5.16.13` to `5.1…

SleuthKit ISO9660 Parser Missing Bounds Check Buffer Overflow Fix
github.com · 2026-04-09

# Vulnerability Summary ## Vulnerability Overview This commit addresses a **Missing Bounds Checks** vulnerability in the `sleuthkit` project, specifically within the `tsk/fs/iso9660.c` file. An attack…

Red Hat Quay CVE-2026-32590 Pickle Deserialization RCE
bugzilla.redhat.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID:** CVE-2026-32590 * **Vulnerability Name:** mirror-registry: remote code execution via pickle deserialization (Mirror…

Mobasi Sentinel: Security Audit of Digital Forensics Tools (Sleuth Kit, Ghidra, UAC, etc.)
mobasi.ai · 2026-04-09

### Vulnerability Overview and Scope This page presents the results of a security review conducted by Mobasi's "Sentinel" project on open-source digital forensic tools. Below are the identified critic…

Stata MCP Shell-escape Vulnerability and Fix
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** This is a **Stata Shell-escape Vulnerability**. In the implementation of Stata MCP (Model Context Protocol), the system allows the execution of Sta…

Command Injection in stata_do Leading to RCE via subprocess shell=True
github.com · 2026-04-09

### Vulnerability Overview This vulnerability exists in the `stata_do` tool and is classified as a **Command Injection** vulnerability. * **Root Cause**: The server directly executes user-provided or …

LORIS Static Router Path Traversal Vulnerability (CVE-2026-34392) and Patch
github.com · 2026-04-09

### Vulnerability Summary: Path traversal in static router **1. Vulnerability Overview** * **Vulnerability Name:** Path traversal in static router (path traversal vulnerability) * **Description:** A vulnerability exists in…

LiquidJS replace Filter Memory Limit Bypass Vulnerability Analysis
github.com · 2026-04-09

### Vulnerability Overview The `replace` filter in LiquidJS contains a memory calculation error when the `memoryLimit` option is enabled. When invoking `memoryLimit.use()`, the filter only calculates …

OpenAirInterface AUSF Buffer Overflow Vulnerability (Unpatched)
gitlab.eurecom.fr · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** OpenAirInterface AUSF V2.2.0 contains a buffer overflow vulnerability. When the AMF (Access and Mobility Management Function) sends an oversized `r…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
