
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Cookbook Pre-Auth Input Validation Bypass Leading to DoS and Cross-Tenant Data Leakage
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** An input validation bypass vulnerability exists at the `food/{id}/shopping/` endpoint. This endpoint directly reads the `amount` and `unit` fields …

Unauthenticated Path Traversal in text-generation-webui load_grammar()
github.com · 2026-04-08

# CWE-22 Path Traversal in load_grammar() — Arbitrary File Read Without Authentication ## Vulnerability Overview An unauthenticated path traversal vulnerability exists in the `load_grammar()` function…

OpenViking Task API Unauthorized Access & Info Disclosure (CWE-862)
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This is a security vulnerability in the OpenViking project regarding task API ownership leakage (CWE-862 / CWE-200). * **Root Cause**: The `/api/v1…

laravel-html-meta SSRF Bypass via Link Update (CVE-2020-33953) POC and Fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** * **Name**: SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection * **CVE**: CVE-2020-33953 (Bypass) * **Description**…

PyLoad API Privilege Escalation via Unrestricted Config Modification (GHSA-4744-96p5-mp2j) Fix Analysis
github.com · 2026-04-08

### Vulnerability Summary **1. Vulnerability Overview** This commit addresses two security advisories (GHSA-4744-96p5-mp2j and GHSA-w48f-ww4f-f5fr) within the PyLoad project. The vulnerability allows …

SQL Injection in ChurchCRM 7.0.5 MemberRoleChange.php (CWE-89)
github.com · 2026-04-08

# SQL Injection in MemberRoleChange.php ## Vulnerability Overview * **Vulnerability Name:** SQL Injection in MemberRoleChange.php * **Severity:** High (CVSS 8.3) * **Description:** The `$newRole` POST…

Pi-hole FTL CVE-2026-3517 RCE via dns.upstreams Injection
github.com · 2026-04-08

# Pi-hole FTL Remote Code Execution Vulnerability (CVE-2026-3517) Summary ## Vulnerability Overview The Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the `dns.upstreams` (…

NVIDIA Triton Inference Server CVE-2026-24175 DoS Vulnerability Advisory
www.cve.org · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID:** CVE-2026-24175 * **Status:** PUBLISHED * **Description:** NVIDIA Triton Inference Server contains a vulnerability …

praisonai Path Traversal Vulnerability (CVE-2026-2015) Analysis and Fix
github.com · 2026-04-08

### Vulnerability Summary: Path Traversal Vulnerability in FileTools **1. Vulnerability Overview** This vulnerability exists in the `file_tools.py` file within the `praisonai` package. The core issue …

CVE-2026-15486 SSRF in text-generation-webui superbooga extension
github.com · 2026-04-08

# CWE-918 SSRF Vulnerability Summary ## Vulnerability Overview A severe Server-Side Request Forgery (SSRF) vulnerability exists in the RAG (Retrieval-Augmented Generation) functionality within the `su…

Pi-hole FTL DHCP Lease Time Newline Injection RCE
github.com · 2026-04-08

# Pi-hole FTL Remote Code Execution (RCE) Vulnerability Summary ## Vulnerability Overview Security researcher Julio Ángel Ferrari (aka TOX1CX) discovered a Remote Code Execution (RCE) vulnerability in…

Pi-hole FTL dns.cnameRecords RCE via Newline Injection in dnsmasq Config
github.com · 2026-04-08

### Vulnerability Overview A remote code execution (RCE) vulnerability exists in the Pi-hole FTL engine's DNS CNAME record configuration parameter (`dns.cnameRecords`). - **Discoverer**: Promofaux (TO…

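The three Pi-hole FTL entries above share one mechanism: a configuration value that is written verbatim into a line-oriented dnsmasq config file, so a value containing a newline becomes an extra directive. The block below is an added example written for this page, not Pi-hole or dnsmasq code; the option names (`upstream`, `injected-option`) and the attacker value are constructed and hypothetical. It shows the unsafe renderer, a line-oriented reader that sees the smuggled directive, and a hardened renderer that rejects control characters before writing.

```python
import re

# Constructed, hypothetical option names for this demonstration; they are not
# Pi-hole or dnsmasq directives.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def render_config(options):
    """Unsafe pattern: interpolate each value straight into a 'key=value' line."""
    return "".join(f"{key}={value}\n" for key, value in options.items())


def parse_config(text):
    """Line-oriented reader: every non-blank, non-comment line is one directive."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        directives.append((key.strip(), value.strip()))
    return directives


def injected_directives(options):
    """Directives the reader sees that the caller never supplied as a key."""
    supplied = set(options)
    return [d for d in parse_config(render_config(options)) if d[0] not in supplied]


def is_safe_value(value):
    """Reject any value carrying a control character (CR, LF, NUL, ...)."""
    return CONTROL_CHARS.search(value) is None


def render_config_safe(options):
    """Hardened renderer: refuse values that could split a line."""
    for key, value in options.items():
        if not is_safe_value(str(value)):
            raise ValueError(f"control character in value for {key!r}")
    return render_config(options)


if __name__ == "__main__":
    # Constructed attacker-controlled value: one field, two directives.
    evil = {"upstream": "9.9.9.9\ninjected-option=/tmp/x"}
    print(render_config(evil))
    print("injected:", injected_directives(evil))  # [('injected-option', '/tmp/x')]
    try:
        render_config_safe(evil)
    except ValueError as exc:
        print("rejected:", exc)
```

The check is deliberately broader than "no `\n`": a `\r\n` pair splits the line just as well for most readers, and rejecting the whole control-character range avoids arguing about which terminators a given parser honours.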
kedro-datasets PartitionedDataset Path Traversal Vulnerability (CVE-2026-35167)
github.com · 2026-04-08

### Key Vulnerability Summary **1. Vulnerability Overview** * **Vulnerability Type:** Path Traversal / Arbitrary File Write. * **Affected Component:** The `PartitionedDataset` class within the `kedro-…

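Three entries on this page (text-generation-webui `load_grammar()`, praisonai `FileTools`, kedro-datasets `PartitionedDataset`) are path traversal bugs where a user-supplied path is joined to a base directory without confining the result. The block below is an added example for this page and is not code from any of those projects; the directory layout, the `grammars` base name and the file contents are constructed for the demonstration. It resolves the joined path and checks that it is still under the base, which catches `..` segments, absolute paths and symlinks pointing outside.

```python
from pathlib import Path
import os
import tempfile


def resolve_within(base, user_path):
    """Return the resolved absolute path if it stays inside base, else None.

    Joining then resolving catches '..' segments, absolute paths (which replace
    the base when joined) and symlinks that point outside the base directory.
    """
    base_dir = Path(base).resolve()
    candidate = (base_dir / user_path).resolve()
    try:
        candidate.relative_to(base_dir)
    except ValueError:
        return None
    return candidate


def read_confined(base, user_path):
    """Read a file only when its resolved path is confined to base."""
    target = resolve_within(base, user_path)
    if target is None or not target.is_file():
        raise PermissionError(f"refusing to read {user_path!r}: outside {base}")
    return target.read_text()


def demo():
    """Build a throwaway tree (constructed for this example) and exercise the check."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "grammars"
        base.mkdir()
        (base / "json.gbnf").write_text("root ::= object\n")
        secret = Path(tmp) / "secret.txt"
        secret.write_text("not for you\n")
        # A symlink inside the base that points outside it.
        os.symlink(secret, base / "link.gbnf")
        results = {
            "plain": read_confined(base, "json.gbnf"),
            "dotdot": resolve_within(base, "../secret.txt"),
            "absolute": resolve_within(base, str(secret)),
            "symlink": resolve_within(base, "link.gbnf"),
        }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Checking with `relative_to` on the resolved path, rather than with a string prefix test, also avoids the classic `/srv/app/grammars` versus `/srv/app/grammars-old` prefix confusion.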
File Browser Hook Runner Command Injection Vulnerability (RCE) with PoC
github.com · 2026-04-08

### Summary of Vulnerability Key Information **Vulnerability Overview** A command injection vulnerability exists in the Hook Runner feature of File Browser. This system allows administrators to execut…

libp2p-rendezvous Unbounded Namespace Registration Causes OOM
github.com · 2026-04-08

### Vulnerability Overview A vulnerability exists in the **libp2p-rendezvous** server, which fails to limit the number of namespaces a single peer can register. A malicious peer can exploit this by cy…

ChurchCRM SSRF Vulnerability Analysis and PoC
github.com · 2026-04-08

### Vulnerability Summary: ChurchCRM SSRF Vulnerability **Vulnerability Overview** A Server-Side Request Forgery (SSRF) vulnerability exists in ChurchCRM versions 5.21.0 and earlier. Attackers can ind…

CVE-2026-35483: OS Command Injection in payload-ng via Antivirus Plugin
github.com · 2026-04-08

# Vulnerability Summary: payload-ng Improper Neutralization of Special Elements used in an OS Command ## 1. Vulnerability Overview * **Vulnerability Name**: Improper Neutralization of Special Elements…

filebrowser Proxy Auth Auto-Provisioned Users Inherit Execute Permission
github.com · 2026-04-08

# Vulnerability Summary: Proxy Auth Auto-Provisioned Users Inherit Execute Permission and Commands ## Vulnerability Overview A privilege configuration error exists in the Proxy Auth flow of `filebrows…

papra Expired API Keys Not Rejected Vulnerability
github.com · 2026-04-08

# Vulnerability Summary: Expired API Keys Are Not Rejected ## Vulnerability Overview This vulnerability exists within the `papra-hq/papra` project. The server stores an optional `expires_at` column in…

Papra CVE-2026-35460 HTML Injection in Transactional Emails via Unescaped User Display Name
github.com · 2026-04-08

### Vulnerability Key Information Summary **Vulnerability Name:** HTML Injection in Transactional Emails via Unescaped User Display Name **CVE ID:** CVE-2026-35460 **Affected Scope:** * **Affected Ver…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
