Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Google Chrome 147.0.7727.55 Security Update Advisory (Multiple CVEs)
chromereleases.googleblog.com · 2026-04-09

### Vulnerability Overview Google Chrome released a stable update version 147.0.7727.55, which includes multiple security fixes. These fixes address various types of vulnerabilities, including heap bu…

Intel Trace Hub Hardware Vulnerabilities CVE-2026-20709/CVE-2021-33150 Advisory
intel.com · 2026-04-09

### Vulnerability Overview This page primarily concerns two security vulnerabilities related to the Intel Trace Hub: 1. **CVE-2026-20709**: * **Description**: A vulnerability exists in the default cry…

SSRF Fix: /api/proxy Hardening, IP Blocklist & Redirect Chain Defense
github.com · 2026-04-09

### Vulnerability Overview This Pull Request fixes an **SSRF (Server-Side Request Forgery)** vulnerability in the `/api/proxy` endpoint. Attackers can control the `url` parameter to access internal se…

SourceCodester Online Food Ordering System v1.0 Business Logic Flaw: Negative Price Input Validation Bypass
github.com · 2026-04-09

### Vulnerability Overview * **Vulnerability Type**: Business Logic Error / Improper Input Validation * **Vendor**: SourceCodester * **Product**: Online Food Ordering System * **Version**: 1.0 * **Aff…

SSRF Vulnerability in openai-realtime-ui server.js and Fix Details
github.com · 2026-04-09

### Vulnerability Overview This is a **Server-Side Request Forgery (SSRF)** vulnerability (CWE-918) present in the `server.js` component of the `openai-realtime-ui` project. * **Vulnerability Mechanis…

DOM XSS Fix: Input Validation for Redirect in Onboarding Flow
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** This is a **DOM-based XSS (Cross-Site Scripting)** vulnerability occurring within the **onboarding** process. Attackers can exploit this by craftin…

SSRF Fix: IP/Hostname Filtering and DNS Rebinding Protection
github.com · 2026-04-09

### Vulnerability Overview This commit addresses **SSRF (Server-Side Request Forgery)** vulnerabilities and **insecure redirection** issues present in the `/api/proxy` endpoint. Attackers could exploi…

OpenStatus DOM-Based XSS Vulnerability in Onboarding Endpoint
gist.github.com · 2026-04-09

### Vulnerability Overview * **Project Name**: OpenStatus * **Vulnerability Type**: DOM-Based Cross-Site Scripting (XSS) * **Severity**: High (CVSS 3.1 Base Score: 8.8) * **Report Date**: March 14, 20…

SSRF Vulnerability in bigsk1/openai-realtime-ui (CVE-2026-5803)
vuldb.com · 2026-04-09

### Vulnerability Overview * **CVE ID:** CVE-2026-5803 * **Vulnerability Name:** bigsk1 openai-realtime-ui API Proxy Endpoint server.js Query server-side request forgery * **Vulnerability Type:** Serv…

Stored XSS in Easy Blog Site PHP v1.0 at /blog/posts/update.php
github.com · 2026-04-09

### Vulnerability Overview * **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS) * **Affected Product**: Easy Blog Site in PHP (v1.0) * **Affected Endpoint**: `/blog/posts/update.php` * *…

Juniper Junos OS CVE-2025-30650 Missing Authentication for Critical Function Advisory
kb.juniper.net · 2026-04-09

# 2026-04 Security Bulletin: Junos OS Vulnerability Summary ## Vulnerability Overview * **CVE ID:** CVE-2025-30650 * **Vulnerability Description:** A critical "Missing Authentication for Critical Func…

Command Injection in @idachev/mcp-javadc (CWE-78) Analysis and Fix
github.com · 2026-04-09

### Vulnerability Summary: Command Injection in @idachev/mcp-javadc **1. Vulnerability Overview** * **Vulnerability Type**: OS Command Injection (CWE-78) * **Vulnerability Description**: A command inj…

Juniper Junos OS CVE-2025-30650 Privileged Local User Escalation to FPC Root
supportportal.juniper.net · 2026-04-09

### Vulnerability Overview * **Vulnerability Name:** Junos OS: Privileged local user can gain access to a Linux-based FPC as root * **CVE ID:** CVE-2025-30650 * **Vulnerability Description:** This is …

mw-wp-form WordPress Plugin Path Traversal Vulnerability Fix Analysis
github.com · 2026-04-09

# Vulnerability Summary: mw-wp-form File Upload Path Validation Bypass ## Vulnerability Overview This Pull Request addresses a security vulnerability in the **mw-wp-form** WordPress plugin. The core i…

XWiki ScriptXWikiServletRequest Unauthenticated Access to Underlying HttpServletRequest Fix
github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability ID**: XWiki-23698 * **Description**: The `ScriptXWikiServletRequest.getRequest()` method lacked permission checks prior to the fi…

CVE-2026-5802: Unauthenticated RCE in idachev mcp-javac
vuldb.com · 2026-04-09

### Vulnerability Summary **1. Vulnerability Overview** * **CVE ID**: CVE-2026-5802 * **CVSS Score**: 6.6 (Critical) * **Vulnerability Type**: OS Command Injection * **Detailed Description**: A critic…

code-projects Easy Blog Site 1.0 SQL Injection Vulnerability (CVE-2026-5805)
vuldb.com · 2026-04-09

# Vulnerability Summary: code-projects Easy Blog Site SQL Injection ## 1. Vulnerability Overview * **Vulnerability Name**: code-projects Easy Blog Site up to 1.0 /users/contact_us.php Name SQL Injecti…

CVE-2025-30650: Juniper Junos Local Privilege Escalation Advisory
github.com · 2026-04-09

# CVE-2025-30650: Juniper Junos Local Privilege Escalation Vulnerability Summary ## Vulnerability Overview * **CVE ID**: CVE-2025-30650 * **Severity**: Moderate (6.7 / 10) * **Description**: * Local a…

WordPress Profile Builder Privilege Escalation & Info Disclosure via Insecure Password Reset (CVE-2023-0814/CVE-2023-229
lana.codes · 2026-04-09

### Vulnerability Overview The WordPress plugin **Profile Builder by Cozmoslabs** contains vulnerabilities related to an insecure password reset mechanism and sensitive information disclosure via Shor…

FluentCRM CVE-2023-1430: Insufficient Use of Hash as Authorization Control
github.com · 2026-04-09

### Vulnerability Overview * **CVE ID**: CVE-2023-1430 * **Vulnerability Name**: Insufficient Use of Hash as Authorization Control * **CVSS Score**: 6.5 (Medium) * **Affected Software**: FluentCRM * *…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
