Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups, auto-cleaned and translated to English. Updated continuously.
emlog <2.6.11 Admin CSRF Vulnerability and Fix Implementation
github.com · 2026-05-09

# Vulnerability Summary: emlog Backend Administrative Features Cross-Site Request Forgery (CSRF) ## Vulnerability Overview The emlog backend administrative features (including system registration, plu…

FlashMQ 1.25.0 Config-Dependent Remote DoS Vulnerability (CVE-2026-42209)
github.com · 2026-05-09 · CVSS 6.5

# FlashMQ 1.25.0: Configuration-Dependent Remote Denial of Service Vulnerability (CVE-2026-42209) ## Vulnerability Overview FlashMQ contains a configuration-dependent remote denial of service (DoS) vu…

MQTT Division by Zero Vulnerability Fix Analysis
github.com · 2026-05-09 · CVSS 6.5

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Division by zero error - **Vulnerable Location**: `trySetRetainedMessages` function - **Vulnerability Description**: In the …

FlashMQ 1.26.1 Security Update: Zero-Divide Crash and Protocol Compliance Fixes
github.com · 2026-05-09 · CVSS 6.5

# FlashMQ 1.26.1 Vulnerability Remediation Summary ## Overview FlashMQ 1.26.1 is a version that addresses multiple security issues, primarily concerning protocol compliance, potential crash risks, and…

Fixing OAuth Auth Failure when Integrating Draw.io with Self-Hosted GitLab
github.com · 2026-05-09 · CVSS 3.4

# Vulnerability Summary ## Overview This issue involves an authorization failure when using Draw.io on self-hosted GitLab instances. Users attempting to integrate Draw.io with a private GitLab instanc…

Draw.io Unvalidated GitLab OAuth URL Parameter Leads to Credential Phishing
github.com · 2026-05-09 · CVSS 3.4

# Unvalidated GitLab URL Parameter Redirects OAuth Authorization Flow to Attacker-Controlled Host ## Vulnerability Summary The Draw.io client accepts a `gitlab` URL parameter that overrides the GitLab…
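The check a client should apply to such a parameter, as an added example (this is not Draw.io's code; the allowlist, the helper names, the placeholder redirect URI and the assumption that the parameter is used as a plain base URL are all illustrative):

```python
from urllib.parse import urlsplit, urlencode

# Hypothetical deployment allowlist: the only GitLab hosts this client may be
# pointed at. Draw.io's real configuration surface is not described on the page.
ALLOWED_GITLAB_HOSTS = frozenset({"gitlab.com", "gitlab.example.com"})


class UntrustedProviderUrl(ValueError):
    """The `gitlab` parameter does not name an allowlisted provider."""


def canonical_gitlab_base(raw, allowed_hosts=ALLOWED_GITLAB_HOSTS):
    """Reduce a user-supplied `gitlab` parameter to 'https://<allowlisted host>'.

    Anything that could make the browser talk to a different host than the
    one the user reads in the address (userinfo, odd ports, lookalike
    subdomains, extra path/query) is rejected rather than normalised away.
    """
    try:
        parts = urlsplit(raw.strip())
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError as exc:
        raise UntrustedProviderUrl(f"unparsable: {exc}")
    if parts.scheme != "https":
        raise UntrustedProviderUrl("provider must be https")
    if parts.username is not None or parts.password is not None:
        # 'https://gitlab.com@evil.example/' reads as gitlab.com but is evil.example
        raise UntrustedProviderUrl("userinfo not allowed")
    host = (parts.hostname or "").rstrip(".")   # .hostname is already lowercased
    if host not in allowed_hosts:               # exact match, no suffix matching
        raise UntrustedProviderUrl(f"host {host!r} not allowlisted")
    if port not in (None, 443):
        raise UntrustedProviderUrl("non-default port not allowed")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise UntrustedProviderUrl("base URL must not carry path, query or fragment")
    return f"https://{host}"


def is_allowed_gitlab_url(raw, allowed_hosts=ALLOWED_GITLAB_HOSTS):
    """Boolean form of canonical_gitlab_base for callers that only need a verdict."""
    try:
        canonical_gitlab_base(raw, allowed_hosts)
        return True
    except UntrustedProviderUrl:
        return False


def build_authorize_url(raw_gitlab_param, client_id, redirect_uri, state):
    """Build the authorization URL only after the provider host passed the check.

    /oauth/authorize is GitLab's authorization endpoint; the query fields are
    the standard OAuth 2.0 authorization-code request parameters.
    """
    base = canonical_gitlab_base(raw_gitlab_param)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,
        "scope": "api",
    })
    return f"{base}/oauth/authorize?{query}"
```

Exact-host matching is deliberate: suffix or prefix matching is what lets `gitlab.com.evil.example` or `gitlab.com@evil.example` through, and a self-hosted deployment that needs a new host should add it to the allowlist rather than loosen the comparison.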

Avo Framework v3.x Broken Access Control Vulnerability Analysis
github.com · 2026-05-09 · CVSS 8.8

# Vulnerability Summary: Broken Access Control in the Avo Framework ## Vulnerability Overview A **Broken Access Control** vulnerability exists in the `ActionsController` of the Avo framework (v3.x). D…

GHSA-f5c8-m9vw-rmqg: Improper Authorization in nova-toggle for Laravel Nova allowing unauthorized boolean field modification
github.com · 2026-05-09 · CVSS 6.5

# Vulnerability Overview **Title**: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields **Vulnerability ID**: GHSA-f5c8-m9vw-rmqg **Severity**: Moderate (6.5 / 10…

grid library integer overflow vulnerability and fix
github.com · 2026-05-09 · CVSS 6.2

# Vulnerability Summary ## Overview An integer overflow vulnerability exists in the `expand` and `prepend` methods of the `grid` library. When calculating the new dimensions (number of rows or columns…

RedwoodJS SDK Server Actions SameSite CSRF Vulnerability (CVE-2025-42130)
github.com · 2026-05-09 · CVSS 5.3

# Vulnerability Summary: Same-site CSRF in Server Actions ## Overview - **Vulnerability Type**: Cross-Site Request Forgery (CSRF) - **Severity**: Medium (5.3 / 10) - **CVSS Vector**: `CVSS:3.1/AV:N/AC…
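A same-site CSRF is the case SameSite cookies do not cover: a request from a sibling subdomain of the application still carries the session cookie. The server-side check below is an added example, not RedwoodJS SDK code; it assumes the app is served from a single origin and that server actions are POST-only, neither of which the page states.

```python
from urllib.parse import urlsplit

ACTION_METHODS = {"POST"}


def normalize_origin(value):
    """Return 'scheme://host[:port]' with the default port dropped, or None if unparsable."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None              # also covers the literal 'null' origin
    host = parts.hostname.lower()
    default = 443 if parts.scheme == "https" else 80
    if port is None or port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def is_trusted_action_request(method, headers, allowed_origin):
    """Decide whether a state-changing server action may run for this request.

    headers: mapping of header name -> value in any letter case.
    allowed_origin: the one origin the app is served from, e.g. "https://app.example.com".
    """
    if method.upper() not in ACTION_METHODS:
        return False
    h = {k.lower(): v for k, v in headers.items()}
    expected = normalize_origin(allowed_origin)
    if expected is None:
        return False
    # Sec-Fetch-Site is set by the browser and cannot be forged by page script.
    # "same-site" is exactly the sibling-subdomain case, so only "same-origin" passes.
    sfs = h.get("sec-fetch-site")
    if sfs is not None and sfs != "same-origin":
        return False
    # Browsers send Origin on cross-origin POSTs and on fetch/XHR POSTs; older
    # clients may send only Referer. With neither present we fail closed.
    source = h.get("origin") or h.get("referer")
    if not source:
        return False
    return normalize_origin(source) == expected
```

The Origin comparison is an exact match on scheme, host and port; a `endswith(".example.com")` style check would reintroduce the same-site hole the entry describes.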

Lemmy SSRF via Unvalidated og:image Leading to Internal Image Disclosure
github.com · 2026-05-09 · CVSS 6.5

# SSRF and internal image disclosure in post link metadata via unvalidated og:image ## Vulnerability Overview Lemmy defaults to using the `StoreLinkPreviews` mode when fetching metadata for user-provi…

Pre-auth DoS in rush SSH keyboard-interactive auth via unbounded allocation (CVE-2024-4218)
github.com · 2026-05-09 · CVSS 7.5

### Vulnerability Overview **Title**: Pre-auth DoS via unbounded allocation in keyboard-interactive auth **Description**: A pre-authentication denial-of-service (DoS) vulnerability exists in the keybo…

Rust SSH library rush DoS vulnerability fix analysis
github.com · 2026-05-09 · CVSS 7.5

# Vulnerability Summary ## Overview When parsing the `SSH_MSG_USERAUTH_INFO_RESPONSE` message, there was no restriction on `Vec` allocation or the number of loop iterations. Previously, the response c…
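The two rush entries above describe the same defect: the `num-responses` count in `SSH_MSG_USERAUTH_INFO_RESPONSE` (RFC 4256) is trusted before authentication, so a client can make the server allocate or loop on an attacker-chosen number. The parser below is an added example in Python, not rush's code; the message layout is from RFC 4256, while the caps and the "before" shape are assumptions made for illustration.

```python
import struct

SSH_MSG_USERAUTH_INFO_RESPONSE = 61
# Caps are assumptions for this example; RFC 4256 sets none, which is the problem.
MAX_RESPONSES = 32
MAX_RESPONSE_LEN = 4096


class MalformedPacket(ValueError):
    """Raised when a USERAUTH_INFO_RESPONSE payload violates the limits."""


def build_info_response(responses):
    """Encode a USERAUTH_INFO_RESPONSE payload: byte 61, uint32 count, then SSH strings."""
    out = bytearray([SSH_MSG_USERAUTH_INFO_RESPONSE])
    out += struct.pack(">I", len(responses))
    for r in responses:
        data = r.encode("utf-8")
        out += struct.pack(">I", len(data)) + data
    return bytes(out)


def crafted_header(claimed_count):
    """Payload a hostile client can send: claims `claimed_count` responses, carries none."""
    return bytes([SSH_MSG_USERAUTH_INFO_RESPONSE]) + struct.pack(">I", claimed_count)


def parse_info_response_unbounded(payload):
    """'Before' shape as the entries describe it: storage sized by the untrusted count.

    Do not call this with a hostile count; [None] * 0xFFFFFFFF asks for tens of GB.
    """
    if not payload or payload[0] != SSH_MSG_USERAUTH_INFO_RESPONSE:
        raise MalformedPacket("wrong message type")
    (count,) = struct.unpack_from(">I", payload, 1)
    responses = [None] * count            # attacker-controlled allocation
    off = 5
    for i in range(count):                # attacker-controlled iteration count
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        responses[i] = payload[off:off + n].decode("utf-8")
        off += n
    return responses


def parse_info_response_bounded(payload):
    """Hardened parser: every length is checked against a cap and the bytes present."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_INFO_RESPONSE:
        raise MalformedPacket("wrong message type")
    if len(payload) < 5:
        raise MalformedPacket("truncated count")
    (count,) = struct.unpack_from(">I", payload, 1)
    off = 5
    if count > MAX_RESPONSES:
        raise MalformedPacket(f"{count} responses exceeds cap {MAX_RESPONSES}")
    # Each response costs at least its 4-byte length prefix, so a count larger
    # than the remaining bytes can hold is provably bogus before any work is done.
    if count * 4 > len(payload) - off:
        raise MalformedPacket("count larger than payload can hold")
    responses = []                        # grows only as real data is consumed
    for _ in range(count):
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if n > MAX_RESPONSE_LEN or n > len(payload) - off:
            raise MalformedPacket("response length exceeds cap or payload")
        responses.append(payload[off:off + n].decode("utf-8"))
        off += n
    if off != len(payload):
        raise MalformedPacket("trailing bytes after last response")
    return responses


def is_well_formed(payload):
    """Verdict form of the bounded parser."""
    try:
        parse_info_response_bounded(payload)
        return True
    except (MalformedPacket, UnicodeDecodeError, struct.error):
        return False
```

The structural check (`count * 4 > remaining`) is the one that matters most: it rejects the crafted header regardless of what cap is chosen, because the client has to actually send the bytes it claims.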

Lemmy SSRF via Webmention (GHSA-3jvj-v6w2-h948)
github.com · 2026-05-09 · CVSS 6.3

# SSRF Vulnerability Summary: /api/v3/post via Webmention Dispatch ## Vulnerability Overview - **Vulnerability Name**: SSRF (Server-Side Request Forgery) - **Vulnerability ID**: GHSA-3jvj-v6w2-h948 - …
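Both Lemmy entries (og:image metadata fetch above, Webmention dispatch here) come down to the server fetching a URL a user chose. The validator below is an added example in Python, not Lemmy's code: it resolves the target, refuses anything that lands on a non-public address, and returns the resolved IP so the caller can pin it. The hostnames and DNS answers in `FAKE_DNS` are constructed for offline use.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class UnsafeFetchTarget(ValueError):
    """Raised when a user-supplied URL must not be fetched by the server."""


def _is_blocked(ip):
    """True for any address that is not plain public unicast."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:169.254.169.254 is still the metadata IP
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def system_resolver(host):
    """Resolve via the OS; returns every A/AAAA answer as a string."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_target(url, resolve=system_resolver, allowed_ports=(80, 443)):
    """Return (hostname, pinned_ip) for a URL that is safe to fetch, or raise.

    The caller must connect to pinned_ip (sending Host: hostname) rather than
    resolving again, and must re-run this check on every redirect it follows.
    """
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:
        raise UnsafeFetchTarget(f"unparsable URL: {exc}")
    if parts.scheme not in ("http", "https"):
        raise UnsafeFetchTarget("only http(s) may be fetched")
    if parts.username is not None or parts.password is not None:
        raise UnsafeFetchTarget("userinfo not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeFetchTarget("missing host")
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in allowed_ports:
        raise UnsafeFetchTarget(f"port {port} not allowed")
    try:
        candidates = [ipaddress.ip_address(host)]       # literal IP in the URL
    except ValueError:
        try:
            candidates = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError) as exc:
            raise UnsafeFetchTarget(f"cannot resolve {host}: {exc}")
    if not candidates:
        raise UnsafeFetchTarget(f"no addresses for {host}")
    # Reject if ANY answer is internal: a mixed answer set is a rebinding /
    # round-robin trick, and the connect() may pick the internal one.
    for ip in candidates:
        if _is_blocked(ip):
            raise UnsafeFetchTarget(f"{host} resolves to non-public address {ip}")
    return host, str(candidates[0])


def is_safe_to_fetch(url, resolve=system_resolver):
    """Verdict form of validate_fetch_target."""
    try:
        validate_fetch_target(url, resolve=resolve)
        return True
    except UnsafeFetchTarget:
        return False


# Constructed resolver for offline use; hostnames and answers are made up.
FAKE_DNS = {
    "img.example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "cdn.example.org": ["93.184.216.34", "10.0.0.5"],   # mixed public/private answer
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host {host}")
    return FAKE_DNS[host]
```

Validating the URL string alone is not enough: the check has to happen on the resolved addresses, the HTTP client has to use exactly those addresses, and redirects have to go back through the same validator, or the internal image disclosure described in the og:image entry is still reachable.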

sovity ds-portal-ce-backend Authorization Bypass Vulnerability (CVE-2026-42180)
github.com · 2026-05-09

# Vulnerability Summary: Authorization and Client Enforcement Issues in `ghcr.io/sovity/ds-portal-ce-backend` ## Vulnerability Overview In `ghcr.io/sovity/ds-portal-ce-backend`, there are server-side …

n8n-mcp Log Injection Vulnerability: Sensitive Data Leakage via HTTP Transport
github.com · 2026-05-09 · CVSS 5.3

# Vulnerability Summary: Sensitive Request Data Leakage in n8n-mcp ## Overview In the HTTP transport mode of `n8n-mcp`, request metadata sent to the `POST /mcp` endpoint is written to server logs. Reg…

Fix: Incorrect Role Assignment in Email-Based Domain Invitations
github.com · 2026-05-09 · CVSS 5.5

### Vulnerability Overview This vulnerability involves incorrect role assignment for access permissions when roles are created via email. Specifically, while attempting to capture a bug, it was discov…

CVE-2024-42185: Privilege Escalation in La Suite Numérique people service
github.com · 2026-05-09 · CVSS 5.5

### Vulnerability Overview **Vulnerability Name**: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation **Vulnerability ID**: CVE-2024-42185 **Severity**: Medium (5.5 / 10) **Affect…

n8n-mcp Log Information Disclosure Vulnerability (GHSA-wq4g-395p-mqv3)
github.com · 2026-05-09 · CVSS 4.3

# Vulnerability Summary ## Overview - **Vulnerability ID**: GHSA-wq4g-395p-mqv3 - **Severity**: CVSS 4.3 Medium - **Description**: Raw tool-call arguments from MCP (Model Context Protocol) tool invoca…
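The two n8n-mcp entries (request metadata from `POST /mcp` above, raw tool-call arguments here) are both instances of writing untrusted request content straight into logs. The helper below is an added example in Python, not n8n-mcp code: it redacts credential-bearing headers and argument keys, neutralises line breaks so one request cannot forge extra log lines, and emits a single JSON line. The header and key name lists are assumptions, and the sample request in the test is constructed.

```python
import hashlib
import json

# Assumed lists; extend to match the deployment's own auth headers and tool schemas.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
SENSITIVE_ARG_KEYS = ("password", "passwd", "secret", "token", "api_key", "apikey",
                      "authorization", "credential")
MAX_STRING_LEN = 80
MAX_DEPTH = 6


def _sanitize_str(value):
    """Escape log-injection characters (CR, LF, ESC) and cap the length."""
    cleaned = value.replace("\r", "\\r").replace("\n", "\\n").replace("\x1b", "\\x1b")
    if len(cleaned) > MAX_STRING_LEN:
        return cleaned[:MAX_STRING_LEN] + f"...(+{len(cleaned) - MAX_STRING_LEN} chars)"
    return cleaned


def _fingerprint(value):
    """Short stable tag so one credential can be correlated across lines without storing it."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:8]


def redact_headers(headers):
    """Lower-case header names; fingerprint credential headers, sanitize the rest."""
    out = {}
    for name, value in headers.items():
        key = name.lower()
        if key in SENSITIVE_HEADERS:
            out[key] = f"<redacted:sha256:{_fingerprint(str(value))}>"
        else:
            out[key] = _sanitize_str(str(value))
    return out


def _is_sensitive_key(key):
    # Substring match on purpose: 'gitlab_token' and 'db_password' must hit too.
    k = str(key).lower()
    return any(marker in k for marker in SENSITIVE_ARG_KEYS)


def redact_args(value, depth=0):
    """Walk tool-call arguments recursively; drop secrets by key, sanitize every string."""
    if depth > MAX_DEPTH:
        return "<truncated:depth>"
    if isinstance(value, dict):
        return {k: ("<redacted>" if _is_sensitive_key(k) else redact_args(v, depth + 1))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact_args(v, depth + 1) for v in value]
    if isinstance(value, str):
        return _sanitize_str(value)
    return value


def request_log_record(method, path, headers, tool_name, tool_args):
    """The dict that is allowed to reach the log for one MCP request."""
    return {
        "method": method,
        "path": path,
        "headers": redact_headers(headers),
        "tool": _sanitize_str(str(tool_name)),
        "args": redact_args(tool_args),
    }


def safe_log_line(method, path, headers, tool_name, tool_args):
    """One JSON line per request; json.dumps escapes anything _sanitize_str missed."""
    return json.dumps(request_log_record(method, path, headers, tool_name, tool_args),
                      sort_keys=True, default=str)
```

Key-based redaction only catches secrets under recognisable names; a token pasted into a free-text `query` field still lands in the log, which is why argument logging belongs behind a debug flag rather than on by default.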

Erudika/Scoold CVE-2026-4276 Persistent Admin Takeover via JWT Forgery POC
github.com · 2026-05-09 · CVSS 6.7

# Vulnerability Summary: Persistent Admin Takeover in Erudika/Scoold ## Vulnerability Overview **Vulnerability Name**: H-AUTH-002: Persistent Admin Takeover by Overwriting the `admins` Setting **CVE ID*…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.