Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.9
Cilium v1.19.3 Security Advisory: BPF Panic, Memory Leak, Policy Fix
github.com · 2026-05-09

### Vulnerability Overview In Cilium v1.19.3, several security-related vulnerabilities and fixes were addressed, primarily involving the following areas: 1. **Performance issues in L7 policy proxy red…

CVSS 7.9
Cilium v1.17 Security Update: Memory Leaks, Panics, and IPAM Bugs Fix
github.com · 2026-05-09

### Vulnerability Overview - **v1.17** Fixed incorrect policy service selector handling (#44950, @fristonio). - **envoy** Fixed the XDS server NPDs listener count issue (Backport PR #45262, Upstream P…

CVSS 9.8
FastGPT Unauthenticated RCE via code-server Component
github.com · 2026-05-09

# Vulnerability Summary ## Overview FastGPT contains an unauthenticated Remote Code Execution (RCE) vulnerability. Attackers can exploit this vulnerability via the `code-server` component to execute a…

CVSS 6.3
FastGPT DNS Rebinding TOCTOU Bypass Leading to SSRF Vulnerability Analysis
github.com · 2026-05-09

# Vulnerability Summary: FastGPT DNS Rebinding TOCTOU Bypass Leading to SSRF ## Overview The `isInternalAddress` function in FastGPT contains a **DNS Rebinding TOCTOU (Time-of-Check to Time-of-Use)** …

CVSS 7.7
FastGPT SSRF Bypass Cloud Metadata Endpoint via URL Encoding
github.com · 2026-05-09

# Vulnerability Summary: Cloud Metadata Endpoint SSRF Protection Bypass ## Vulnerability Overview The `isInternalAddress()` function in FastGPT, located in `packages/service/common/system/utils.ts`, a…

CVE-2024-42143: FastGPT code-sandbox Uncontrolled Resource Consumption DoS PoC
github.com · 2026-05-09

# Vulnerability Summary: Uncontrolled Resource Consumption Leading to Sandbox Exhaustion ## Vulnerability Overview - **Vulnerability Name**: Uncontrolled Resource Consumption Leading to Sandbox Exhaus…

CVSS 3.8
SysReptor SSO/OIDC Configuration Hardening and Auth Bypass Risk
github.com · 2026-05-09

# SysReptor 2026.29 Version Update Security Summary ## Vulnerability Overview This update (2026.29) primarily includes multiple security hardening measures and code quality improvements. Changes relat…

FastGPT/Laf SSRF Vulnerability (CWE-918) Analysis and POC
github.com · 2026-05-09

# SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation ## Vulnerability Overview An unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Laf workfl…

CVSS 6.3
FastGPT SSRF Vulnerability in MCP Tool URL Validation
github.com · 2026-05-09

# Vulnerability Summary: Missing URL Validation for Stored MCP Tools in FastGPT ## Vulnerability Overview FastGPT contains a Server-Side Request Forgery (SSRF) vulnerability in the handling of Model C…

Ray RCE: Arbitrary Code Execution via Arrow Extension Type Deserialization
github.com · 2026-05-09

# [Data] Fix RCE in Arrow extension type deserialization from Parquet #62056 ## Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) - **Root Cause**: During the deserializatio…

CVSS 6.3
FastGPT MCP Tool URL SSRF Vulnerability Fix
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview The FastGPT project contains a security vulnerability that allows attackers to access internal network resources by crafting malicious requests. This …

CVSS 6.3
FastGPT Stored SSRF in MCP Tool URL Handling
github.com · 2026-05-09

# FastGPT Stored MCP Tool URL SSRF Vulnerability Summary ## Vulnerability Overview FastGPT contains an inconsistent SSRF (Server-Side Request Forgery) protection flaw in its MCP (Model Context Protoco…

Ray Multiple Components Vulnerability Fix Advisory (RCE/Serialization)
github.com · 2026-05-09

### Vulnerability Summary #### Overview - **Vulnerability Name**: Vulnerabilities Fixed in Multiple Components - **Affected Components**: Ray Data, Ray Serve, Ray Train, Ray Tune, Ray LLM, Ray RLlib, …

Ray CVE-2024-2056 RCE via Parquet Cloudpickle Deserialization
github.com · 2026-05-09

### Vulnerability Overview A critical security vulnerability (CVE-2024-2056) has been identified in the Ray project, allowing attackers to execute arbitrary code through crafted Parquet files. This vu…

Ray Parquet Extension Type Deserialization RCE
github.com · 2026-05-09

# Vulnerability Summary: Parquet Arrow Extension Type Deserialization Remote Code Execution ## Overview When reading Parquet files, the Ray data platform registers custom Arrow extension types (such a…

Roadiz OIDC nonce not verified leading to ID token replay (CVE-2026-4206)
github.com · 2026-05-09

### Vulnerability Overview **Title**: OpenID Connect nonce generated but not verified — ID token replay attack **Description**: - The `roadiz/openid` package generates an OIDC nonce in `OAuth2LinkGene…

emlog RCE via Malicious Plugin Upload (CVE-2026-41517) Analysis and Fix
github.com · 2026-05-09

# Vulnerability Summary: emlog Remote Code Execution Vulnerability ## Vulnerability Overview * **Vulnerability Name**: Remote Code Execution via Malicious Plugin Upload * **CVE ID**: CVE-2026-41517 * …

eMlog log_model.php addLog/updateLog SQL Injection Vulnerability and Fix
github.com · 2026-05-09

# SQL Injection Vulnerability in `addLog()` and `updateLog()` Functions in `log_model.php` ## Vulnerability Overview In the eMlog `log_model.php` file, the `addLog()` and `updateLog()` functions conta…

SolidCAM-GPPL-IDE XXE and Billion Laughs DoS Vulnerability (CVE-2026-42212)
github.com · 2026-05-09

# SolidCAM-GPPL-IDE Vulnerability Summary ## Vulnerability Overview The SolidCAM Postprocessor IDE extension contains **XML External Entity (XXE)** and **Billion Laughs DoS** vulnerabilities. * **Trig…

SolidCAM-GPPL-IDE Path Traversal Vulnerability (CVE-2026-42113) and NTLM Hash Leakage Analysis
github.com · 2026-05-09

# Vulnerability Summary: SolidCAM-GPPL-IDE Path Traversal Vulnerability ## Vulnerability Overview In the `anizory/vscode-gppl-ide` extension, the `inc` directive in GPPL post-processor files contains …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.