
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

pupnp release-1.18.5 fixes CVE-2026-41682 vulnerability
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-41682 - **Description**: Resolves a security vulnerability related to the upgrade of `softprops/action-gh-release` from version 2 to version…

CVSS 9.1
Sentry SSO Setup Identity Confusion Vulnerability Fix Analysis
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves an inconsistency between the IDP (Identity Provider) assertion email and the administrator identity linked within the authentication session duri…

Termix SSH Command Injection Vulnerability (CVE-2026-4253) Analysis and POC
github.com · 2026-05-09

# Vulnerability Summary: Termix-SSH Command Injection Vulnerability ## Vulnerability Overview A command injection vulnerability exists in the `extractArchive` and `compressFiles` endpoints due to the …

CVSS 8.1
TOTP Pending-Temp Token Allows Backup Code Regeneration and 2FA Bypass
github.com · 2026-05-09

### Vulnerability Overview **Vulnerability Name**: Pending-TOTP temporary token allows regeneration of backup codes, neutralizing TOTP **Vulnerability Description**: - On the `/users/login` endpoint, …

CVSS 4.3
anything-llm IDOR Vulnerability: Cross-User TTS Audio Disclosure
github.com · 2026-05-09

# Vulnerability Summary: Cross-User TTS Audio Disclosure via Chat ID (IDOR) ## Vulnerability Overview In the **Mintplex-Labs/anything-llm** project, an **Insecure Direct Object Reference (IDOR)** vuln…

CVSS 6.3
Grimmory Stored XSS via Malicious EPUB: Session Token Theft Analysis
github.com · 2026-05-09

# Stored XSS Vulnerability: Session Token Theft via Malicious EPUB ## Vulnerability Overview Grimmory's browser-based EPUB reader contains a stored Cross-Site Scripting (XSS) vulnerability. Attackers …

CVSS 6.6
Vim Heap Buffer Overflow in Spell File Loading (CVE-2026-4530)
github.com · 2026-05-09

# Vulnerability Summary: Heap Buffer Overflow in Vim Spell File Loading ## Vulnerability Overview - **Vulnerability Name**: Heap Buffer Overflow in spell file loading affects Vim When `todo` is suffic…

CVSS 9.9
Termix SSH OS Command Injection Vulnerability (CVE-2025-42454) Analysis
github.com · 2026-05-09

# Termix SSH OS Command Injection Vulnerability Summary ## Vulnerability Overview The Docker container management endpoint in Termix SSH is vulnerable to OS command injection. An attacker can execute …

CVSS 6.6
Vim spellfile.c Heap Buffer Overflow in read_compound
github.com · 2026-05-09

### Vulnerability Overview A heap buffer overflow exists in the `read_compound()` function in `spellfile.c`. The bug occurs when the size of the regular-expression pattern buffer is computed using signed integer arithmetic. When the attacker-controlled `SN_COMPOUND` section length exceeds 400000000 bytes, the multiplication wraps around to 27 because UTF-8 encoding is active, so the per-byte loop writes more than 18 bytes and overflows the heap. ### Impact Scope - *…

Vim path option backtick command execution vulnerability fix
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: The `path` option in `vim/vim` may lead to command execution. - **Problem Description**: When backticks are included in the `path` option, shell co…

Vim < 9.2.0435 OS Command Injection via Path Completion
github.com · 2026-05-09

# OS Command Injection via 'path' completion affects Vim < 9.2.0435 ## Vulnerability Overview The `:find` command-line completion feature in Vim contains an OS command injection vulnerability. When th…

CVSS 7.1
CVE-2025-4142 Stripe Webhook Signature Bypass Leads to Infinite Credit Fraud
github.com · 2026-05-09

# Stripe Webhook Signature Bypass Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Infinite Quota Fraud via Stripe Webhook Signature Bypass **Severity**: High (7.1/10) **CVE ID*…

CVSS 10.0
Arbitrary Code Execution in Postiz-app GitHub Actions Workflow (CVE-2026-42298)
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability Name**: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev - **Vulnerability Type**: Arbitrary Co…

SSRF Filter Bypass via 0.0.0.0 in QuantumNous/new-api
github.com · 2026-05-09

# SSRF Filter Bypass via 0.0.0.0 ## Vulnerability Overview This vulnerability exists in the `QuantumNous/new-api` project. Although SSRF protections were introduced in v0.9.0 and hardened in v0.9.6, t…

CVSS 4.4
Vim netrw Runtime Shell Injection via sftp/file URLs Fix Analysis
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Runtime Injection - **Vulnerability Type**: Shell injection via SFTP and file URLs - **Description**: Shell injection occurs at runtime through SFT…

CVSS 7.5
pygeoapi Path Traversal Vulnerability Fix and PoC
github.com · 2026-05-09

# Vulnerability Summary ## Overview This vulnerability affects the `filesystem.py` file in the `pygeoapi` project, specifically related to path handling. Attackers can bypass security checks by const…

Open Redirect in Kargo UI OIDC Login Flow via redirectTo Parameter
github.com · 2026-05-09

# Vulnerability Summary: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter ## Vulnerability Overview - **Vulnerability Type**: Open Redirect - **Affected Component**: OIDC login flow …

CVSS 6.5
Gitroom SSRF Vulnerability Fix: DNS Rebinding Protection via Custom Dispatcher
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview This commit fixes a **SSRF (Server-Side Request Forgery) vulnerability**. Attackers can exploit this by constructing malicious URLs, causing the serve…

CVSS 8.6
pygeoapi SSRF Vulnerability: allow_internal_requests Configuration Flaw Analysis
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a feature in the `pygeoapi` project that allows internal HTTP requests. By default, `allow_internal_requests` is set to `F…

CVSS 7.9
Cilium CVE-2024-43320: bugtool exposes WireGuard private keys
github.com · 2026-05-09

# Vulnerability Overview **Title**: Sensitive information included in cilium-bugtool debug archive **Severity**: High (7.9 / 10) **CVE ID**: CVE-2024-43320 **Description**: `cilium-bugtool` is a debug…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.