Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 4.3
n8n-mcp Credential Log Leakage in HTTP Mode (CWE-532)
github.com · 2026-05-09

# Sensitive MCP Tool Call Parameters Logged in HTTP Mode ## Vulnerability Overview When `n8n-mcp` runs in HTTP transport mode, the full arguments and JSON-RPC parameters of authenticated MCP tool call…

Authenticated SSRF in n8n-mcp (CVE-2026-44894): Impact and Mitigation
github.com · 2026-05-09

# Vulnerability Summary: Authentication-based SSRF in n8n-mcp ## Vulnerability Overview **Title**: Authenticated SSRF in n8n-mcp webhook and API client paths **CVE ID**: CVE-2026-44894 **Severity**: H…

CVSS 6.2
OpenMcdf CFB Directory Cycle Denial of Service Vulnerability
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Infinite loop denial of service caused by a cycle in the constructed CFB directory - **Vulnerability Description**: When processing Compound File B…

CVSS 6.2
OpenMcdf DirectoryTreeEnumerator Directory Tree Loop Detection Fix
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves directory tree cycle detection issues. In the `DirectoryTreeEnumerator` class, if a cycle exists within the directory tree, the program throws an…

Crypt::PasswdMD5 Perl Module Password Hashing Security Advisory
metacpan.org · 2026-05-09

### Vulnerability Overview The web screenshot displays code for the Perl module `Crypt::PasswdMD5`, which is used to generate MD5-based password hashes. The code contains a potential security issue: w…

CVSS 8.2
i18next-fs-backend Path Traversal Vulnerability (CVE-2026-41693) Advisory
github.com · 2026-05-09

# Vulnerability Summary: i18next-fs-backend Path Traversal Vulnerability ## Overview In `i18next-fs-backend` versions prior to 2.6.4, the `lng` and `ns` options were directly interpolated into the con…

CVSS 8.6
HTTP Response Splitting and DoS in i18next-http-middleware (CVE-2026-41683)
github.com · 2026-05-09

# i18next-http-middleware Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header **S…

Premium intel
CVSS 10.0
OpenVPN openvpn-auth-oauth2 Plugin Logic Vulnerability (Unauthenticated Access)
github.com · 2026-05-09

# Vulnerability Summary ## Overview A logical vulnerability exists in the `openvpn-auth-oauth2` plugin for OpenVPN. When a client does not support WebAuthn, the plugin returns `FUNC_SUCCESS`, allowing…

Premium intel
CVSS 10.0
OpenVPN openvpn-auth-oauth2 Plugin Unauthenticated Access Vulnerability (CVSS 10.0)
github.com · 2026-05-09

# Unauthenticated Access Vulnerability Caused by OpenVPN Plugin Returning FUNC_SUCCESS ## Vulnerability Overview When `openvpn-auth-oauth2` is deployed in experimental plugin mode, clients that do not…

PostgreSQL Go Driver SQL Sanitizer Bypass via Dollar Quotes and Placeholder Overflow
github.com · 2026-05-09

# Vulnerability Summary: PostgreSQL SQL Sanitizer Overflow Vulnerability ## Overview PostgreSQL’s SQL sanitizer contains logic errors when processing queries that include dollar-quoted strings and pla…

CVSS 6.5
i18next-locize-backend Path Traversal and URL Injection Vulnerability (CVE-2026-41885)
github.com · 2026-05-09

# Vulnerability Summary: Path Traversal / URL Injection Vulnerability in i18next-locize-backend ## Overview In `i18next-locize-backend` versions **< 9.0.2**, the `lng`, `ns`, `projectId`, and `version…

CVSS 4.9
Flarum Custom LESS Bypass Leading to LFI/SSRF Fix
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves the custom LESS settings within the Flarum framework. An attacker can bypass restrictions by using `@import` and `data:uri` in custom LESS settin…

Premium intel
CVSS 8.6
i18next-http-middleware Prototype Pollution Vulnerability Analysis
github.com · 2026-05-09

# i18next-http-middleware Prototype Pollution Vulnerability Summary ## Vulnerability Overview A prototype pollution vulnerability exists in `i18next-http-middleware` versions **< 3.9.3**. Attackers ca…

CVSS 4.9
Flarum Theme Color Path Traversal Vulnerability (CVE-2023-27577) Analysis and Fix
github.com · 2026-05-09

# Vulnerability Summary: Path Traversal in Flarum Theme Color Settings ## Vulnerability Overview - **Vulnerability Name**: Path traversal in LESS parser via theme color settings (CVE-2023-27577) - **V…

CVSS 6.4
Marko XSS Vulnerability: Case-Insensitive Tag Bypass in Script/Style Tags
github.com · 2026-05-09

# XSS via case-insensitive `</script>` / `</style>` bypass with unsafe text interpolation within `<script>` / `<style>` tags ## Vulnerability Overview Marko's runtime fails to prevent tag breaking when closing tags are written in no…

Premium intel
CVSS 8.1
Omnifaces CVE-2025-41883: EL Injection via Wildcard CDN Mapping Leading to RCE
github.com · 2026-05-09

# Vulnerability Overview **Title**: EL injection via crafted resource name in wildcard CDN mapping **CVE ID**: CVE-2025-41883 **CVSS Score**: 8.1 / 10 (High) **Affected Package**: `org.omnifaces:omnif…

CVSS 7.5
locize SDK Cross-Site Scripting (XSS) Vulnerability (CVE-2026-41886) Analysis
github.com · 2026-05-09

# locize InContext Editor SDK Cross-Site Scripting (XSS) Vulnerability Summary ## Vulnerability Overview **Title**: Cross-origin DOM XSS / handler hijack via missing e.origin validation in locize InCo…

CVSS 5.3
Path Traversal Vulnerability Fix Analysis and POC in PHP App
github.com · 2026-05-09

# Vulnerability Summary ## Overview This vulnerability involves a Path Traversal issue, allowing attackers to access arbitrary files on the server by crafting malicious requests. Specifically, in the …

CVSS 5.3
novaGallery Unauthorized Path Traversal Vulnerability Analysis
github.com · 2026-05-09

# Vulnerability Summary: novaGallery Unauthorized Path Traversal Vulnerability ## Vulnerability Overview A path traversal vulnerability was identified in novaGallery (Free and Pro versions) 2.1.0 and …

Absinthe GraphQL Parser Unbounded Atom Creation DoS (CVE-2024-42793)
github.com · 2026-05-09

### Vulnerability Overview **Title**: Unbounded atom creation from parsed directive name **Description**: When Absinthe parses a GraphQL SDL document, each `directive ` definition is converted into a …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
