
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Kirby CMS Missing Authorization Vulnerability (CVE-2025-42068) Fix Guide
github.com · 2026-05-09

# Vulnerability Overview - **Vulnerability Name**: Read access to site, user, and role information is not gated by permissions - **Vulnerability ID**: GHSA-2h7v-4372-f6x2 - **Severity**: High (7.1 / 1…

Unauthenticated Information Disclosure in Arcane Huma via GET /templates Endpoints
github.com · 2026-05-09

# Unauthorized Disclosure of Custom Compose Template Content (Including `.env` Keys) ## Vulnerability Overview In Arcane's Huma backend, four GET endpoints under `/api/templates/` lack any security re…

Kirby CMS Inconsistent Permission Check Vulnerability (CVE-2026-42137) Advisory
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability Name**: `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API - **Severity**: High (CVSS …

Argo Workflows Missing Authz Check in Sync ConfigMap Provider CVE-2024-XXXX
github.com · 2026-05-09

# Vulnerability Summary: Argo Workflows Sync ConfigMap Provider Missing Authorization Check ## Vulnerability Overview The sync service of Argo Workflows (`server/sync/sync_cm.go`) **fails to perform a…

Argo Workflows ConfigMap Sync Privilege Escalation Fix: SelfSubjectAccessReview Implementation
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves the configmap sync endpoints in the Argo Workflows project. These endpoints relied solely on the identity of the Kubernetes client for RBAC check…

Argo Workflows CVE-2026-42183: SSO RBAC Delegation Nil Pointer Dereference DoS
github.com · 2026-05-09

# Vulnerability Summary: SSO RBAC Delegation Nil Pointer Dereference DoS ## Vulnerability Overview - **Vulnerability Name**: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) - **CVE ID*…

Argo Workflows SSO Delegation nil Pointer Panic Vulnerability
github.com · 2026-05-09

### Vulnerability Overview This vulnerability affects the `argoproj/argo-workflows` project. When the SSO Delegation namespace rules (RBAC) match but there are no matching namespace rules, `loginAccou…

Kirby /api/system API Version and License Info Disclosure (CVE-2024-42051)
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview - **Title**: System API endpoint leaks installed version and license data to authenticated users - **Description**: This vulnerability affects all Kir…

Premium intel
CVSS 8.1
Argo Workflows CVE-2026-31892 Incomplete Fix: Strict/Secure Mode Bypass via hostNetwork
github.com · 2026-05-09

# Vulnerability Summary: CVE-2026-31892 ## Vulnerability Overview **Title**: Incomplete fix for CVE-2026-31892: `hostNetwork`, `securityContext`, `serviceAccountName` bypass `templateReferencing` Stri…

Premium intel
CVSS 8.1
Argo Workflows Template Ref Bypasses podSpecPatch Security Restrictions in Strict/Secure Mode
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves bypassing all security settings in user-submitted Workflows, even when the template reference setting is configured to Strict or Secure mode. The…

Argo Workflows Credential Exposure via Log Leakage (CVE-2025-4235)
github.com · 2026-05-09

# Vulnerability Overview **Vulnerability Name**: Exposure of artifact repository credentials (CVE-2025-4235) **CVE ID**: CVE-2025-4235 **GHSA ID**: GHSA-7vf8-2drm-45m2 **Severity**: High **Affected Ve…

Gibbon v30.0.00 Authenticated SQL Injection and RCE Advisory
projectblack.io · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Gibbon v30.0.00: Authenticated SQL Injection and RCE - **Vulnerability Type**: SQL Injection, Local File Inclusion (LFI), Denial of Service (DoS) -…

Kirby CMS User Avatar Creation, Replacement and Deletion Authorization Bypass
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: User avatar creation, replacement and deletion are not gated by user update permissions - **Description**: This vulnerabilit…

Gibbon v30.0.00 SQLi/LFI/RCE Vulnerabilities and POC Code
projectblack.io · 2026-05-09

# Gibbon v30.0.00 Vulnerability Summary ## Vulnerability Overview Gibbon School Management Software (v30.0.00) contains several security vulnerabilities, including: - **SQL Injection**: Malicious SQL …

Premium intel
CVSS 7.5
Lix Daemon Integer Overflow Vulnerability (CVE-2026-44028) Analysis and POC
lix.systems · 2026-05-09

# Vulnerability Summary: Lix Integer Overflow Vulnerability (CVE-2026-44028) ## Vulnerability Overview * **Vulnerability Type**: Integer Overflow * **CVE ID**: CVE-2026-44028 * **Release Date**: May 5…

Gibbon v30.0.00 Authenticated SQL Injection and LFI to RCE Vulnerability Analysis
projectblack.io · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Gibbon v30.0.00: Authenticated SQL Injection and RCE - **Vulnerability Types**: SQL Injection, Local File Inclusion (LFI), Denial of Service (DoS) …

CVSS 6.4
WordPress E2Pdf Authenticated Stored XSS Vulnerability Advisory
www.wordfence.com · 2026-05-09

# E2Pdf – Export Pdf Tool for WordPress Stored XSS Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: E2Pdf – Export Pdf Tool for WordPress <= 1.32.17 - Authenticated (Contribut…

Linkwarden Stored XSS via Client-Side Archive Upload
github.com · 2026-05-09

# Vulnerability Summary: Stored XSS via Client-Side Archive Upload ## Overview - **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS) - **Root Cause**: The archive upload endpoint of `link…

Premium intel
CVSS 9.1
LinkWarden SSRF Vulnerability: Cloud Metadata Credential Theft
github.com · 2026-05-09

# Vulnerability Summary: LinkWarden SSRF Vulnerability ## Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) * **Vulnerable Component**: `fetchTitleAndHeaders` function * **Descript…

pupnp CVE-2026-6582 SSRF via Port Truncation in parse_uri
github.com · 2026-05-09

# CVE-2026-6582 (CWE-195) Vulnerability Summary ## Vulnerability Overview **Title**: Port truncation via `atoi()` cast in `parse_uri()` allows SSRF port confusion **Description**: A port truncation vu…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
