Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 9.8
nomicdb fix resolveBindAddress empty string handling
github.com · 2026-05-09

### Vulnerability Overview This vulnerability affects the `resolveBindAddress` function in the `cmd/nomicdb/main.go` file. The issue arises when both `cfg.Server.BoltAddress` and `cfg.Server.HTTPAddre…

CVSS 9.8
NornicDB Bolt Server Improper Network Binding Vulnerability
github.com · 2026-05-09

# NornicDB Bolt Server Improper Network Binding Vulnerability Summary ## Vulnerability Overview In NornicDB Bolt Server, the `--address` CLI flag (and the `NORNICDB_ADDRESS` configuration key) is inco…

absinthe-graphql CVE-2026-42793 DoS via Unrestricted Atom Allocation
osv.dev · 2026-05-09

# Vulnerability Summary: EEF-CVE-2026-42793 ## Vulnerability Overview - **Vulnerability Name**: EEF-CVE-2026-42793 - **CVSS Score**: 8.2 (High) - **Vulnerability Type**: Allocation of Resources Withou…

CVE-2026-42793: Erlang Atom Table Exhaustion DoS in absinthe-graphql
cna.erlef.org · 2026-05-09

# Vulnerability Summary: CVE-2026-42793 ## Vulnerability Overview **Vulnerability Name**: Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe **Vulnerability ID**: CVE-2026-427…

CVE-2026-42794: Reflected XSS in Absinthe GraphiQL via js_escape Backslash Bypass
cna.erlef.org · 2026-05-09

# Vulnerability Summary: CVE-2026-42794 ## Vulnerability Overview * **Vulnerability Name**: Reflected XSS caused by backslash bypass in GraphiQL `js_escape` * **CVE ID**: CVE-2026-42794 * **CVSS Score…

Absinthe GraphQL js_escape XSS Bypass via Unescaped Backslash
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: XSS Vulnerability in the GraphQL `js_escape` Function - **Description**: The `js_escape` function only escaped newline characters and single quotes…

dash-uploader File Upload Vulnerability Analysis
github.com · 2026-05-09

### Vulnerability Overview The webpage screenshot displays a GitHub repository named `dash-uploader`, containing a file named `httphandler.py`. This file handles file upload logic and may contain secu…

CVSS 8.2
i18next-http-middleware Path Traversal/SSRF Vulnerability Analysis
github.com · 2026-05-09

# Vulnerability Summary: Path Traversal / SSRF Vulnerability in i18next-http-middleware ## Vulnerability Overview In `i18next-http-middleware` versions `< 3.9.3`, the `getResourcesHandler` function di…

CVE-2026-38360: dash-uploader Path Traversal Leading to RCE
github.com · 2026-05-09

# CVE-2026-38360: dash-uploader Path Traversal Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2026-38360 * **Severity**: Critical (CVSS 9.8) * **Vulnerability Type**: Path…

Absinthe GraphQL CVE-2024-23867 Fragment Uniqueness Check DoS Vulnerability and Fix
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Quadratic fragment-name uniqueness check - **Description**: An attacker can cause the Absinthe backend GraphQL endpoint to perform a fragment name …

Absinthe GraphQL UniqueFragmentNames Algorithmic Complexity DoS Vulnerability
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves a risk of Algorithmic Complexity attacks when validating unique fragment names in GraphQL documents. An attacker can construct GraphQL documents …

Absinthe CVE-2026-43967 DoS via Inefficient Algorithm
cna.erlef.org · 2026-05-09

# Vulnerability Summary: CVE-2026-43967 ## Vulnerability Overview * **Vulnerability Name**: Denial of Service caused by inefficient uniqueness check of fragment names in Absinthe * **CVE ID**: CVE-202…

Absinthe GraphQL DoS via UniqueFragmentNames Validation (CVE-2026-43967)
osv.dev · 2026-05-09

# EEF-CVE-2026-43967 Vulnerability Summary ## Overview - **Vulnerability Name**: Absinthe GraphQL uniqueness check leads to Denial of Service (DoS) - **Vulnerability Type**: Algorithmic Complexity Vul…

lwjson lwjson_stream.c backslash handling fix
github.com · 2026-05-09

### Vulnerability Overview This vulnerability affects the `lwjson` library, specifically the `lwjson_stream.c` file. The issue stems from improper handling of strings ending with a backslash. This can…

Integer Overflow in minmea_scan function of minmea library
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview This vulnerability exists in the `minmea_scan` function of the `minmea` library. When parsing GPS data in NMEA 0183 format, if the input data contains…

Mule lwjson Streaming Parser DoS Vulnerability (CVE-635)
gist.github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Type**: Other - **CVE ID**: CVE-635 - **Affected Component**: `lwjson_stream.c` - **Attack Type**: Context-dependent - **Impact**: Denial of Service (DoS) …

kosma minmea 0.3.0 Stack Buffer Overflow Vulnerability Analysis
gist.github.com · 2026-05-09

# Vulnerability Summary: minmea Buffer Overflow ## Vulnerability Overview - **Vulnerability Type**: Buffer Overflow - **Description**: A validation function `minmea_isfield` exists that restricts over…

CVSS 7.4
OpenStack Cyborg Access Control Bypass Vulnerabilities (CVE-2026-40213/40214)
security.openstack.org · 2026-05-09

# OSSA-2026-011: Multiple Access Control Vulnerabilities in Cyborg Accelerator Management ## Vulnerability Overview Sean Mooney from Red Hat reported multiple access control vulnerabilities in OpenSta…

Beauty Parlour Management System V1.1 SQL Injection Vulnerability
github.com · 2026-05-09

# Beauty Parlour Management System V1.1 SQL Injection Vulnerability ## Vulnerability Overview - **Vulnerability Type**: SQL Injection (SQLi) - **Vulnerability Location**: `/appointment-detail.php` - *…

CVSS 7.1
Stored HTML Injection in BraveCMS-2.0 via nl2br() and Unescaped Blade Template
github.com · 2026-05-09

# Vulnerability Summary: Stored HTML Injection in Contact Email via nl2br() + Unescaped Blade Template ## Vulnerability Overview - **Vulnerability Type**: Stored HTML Injection - **Trigger Point**: Co…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
