Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 8.7
BraveCMS-2.0 Stored XSS Vulnerability and Fix Analysis
github.com · 2026-05-09

# Vulnerability Summary ## Overview This vulnerability is a **Stored Cross-Site Scripting (XSS)** issue occurring within `page/article` content. Attackers can inject malicious HTML/JavaScript code int…

Nhost OAuth Email Verification Bypass Leading to Account Takeover Fix Analysis
github.com · 2026-05-09

### Vulnerability Overview This vulnerability stems from insufficient strictness in OAuth2 providers when handling user email verification. Attackers can exploit unverified emails to merge identities,…

Nhost Account Takeover via OAuth Email Verification Bypass
github.com · 2026-05-09

### Vulnerability Overview **Vulnerability Name**: Account Takeover via OAuth Email Verification Bypass **Vulnerability Description**: Nhost relies solely on email address matching when automatically …

Zebra Node DoS via Orchard rk Identity Panic (CVE-2026-XXXXX)
github.com · 2026-05-09

# Vulnerability Summary: rk Identity Point Panic in Transaction Verification ## Vulnerability Overview - **CVE ID**: CVE-2026-XXXXX - **Severity**: Critical (9.2/10) - **CVSS v4 Base Metrics**: - Atta…

CVE-2026-41563: Zebra Consensus Divergence in Sighash Handling Causes Network Fork
github.com · 2026-05-09

# Vulnerability Summary: Consensus Divergence in Transparent Sighash Hash-Type Handling ## Vulnerability Overview - **CVE ID**: CVE-2026-41563 - **Severity**: Critical (9.3 / 10) - **CVSS Vector**: CV…

Zebra Block Validator Underestimates Sigops Leading to Network Split (CVE-2026-44498)
github.com · 2026-05-09

# Zcash Zebra Block Validator Underestimates Coinbase and P2SH Signature Count Vulnerability ## Vulnerability Overview Zebra's block validator underestimates transparent signature operations subject t…

Zebra/zcashd CVE-2026-44497 Consensus Split Vulnerability and POC
github.com · 2026-05-09

# Vulnerability Summary: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer ## Vulnerability Overview - **CVE ID**: CVE-2026-44497 - **Severity**: Critical (9.3 / 10) -…

Zebra 4.4.0 Security Fixes: GHSA Vulnerabilities and RPC Hardening
github.com · 2026-05-09

### Vulnerability Overview Zebra version 4.4.0 includes multiple security and bug fixes. The primary security issues addressed are: 1. **Fix for signature count vulnerability** (GHSA-jv4h-j224-23cc) 2…

Dolibarr ERP/CRM SQL Injection in dol_syslog Function
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability Type**: SQL Injection - **Vulnerable Location**: The `dol_syslog` function in the `/htdocs/core/lib/functions.lib.php` file - **Root Cause**: The …

CVSS 7.2
360 Secure Browser RCE Vulnerability (CVE-2024-4348) with POC
www.wordfence.com · 2026-05-09

# Vulnerability Summary ## Overview **Vulnerability Name**: 360 Secure Browser Remote Code Execution Vulnerability (CVE-2024-4348) **Vulnerability ID**: CVE-2024-4348 **Vulnerability Type**: Remote Co…

CVSS 8.2
RHSA-2026:14214 Corosync Security Advisory (CVE-2026-35091/35092)
access.redhat.com · 2026-05-09

# RHSA-2026:14214 - Security Advisory ## Vulnerability Summary * **Vulnerability Name**: Corosync Security Update * **Severity**: Moderate * **Vulnerability ID**: * CVE-2026-35091: Corosync: Denial of…

Premium intel
CVSS 6.5
Yonyou GRP-u8 Database Config Info Disclosure Vulnerability with POC
www.wordfence.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Yonyou GRP-u8 Database Configuration Information Disclosure Vulnerability **Vulnerability Type**: Information Disclosure **Des…

Langfuse LLM Connection Test Endpoint Authorization Bypass Fix
github.com · 2026-05-08

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves an access control issue with the LLM connection test endpoint in the Langfuse project. Specifically, the `llmApiKeys:creat…

Langfuse testupdate Endpoint Authorization Bypass Vulnerability
github.com · 2026-05-08

# Vulnerability Summary ## Overview The Langfuse platform has a permission validation flaw in the LLM connection test endpoint (`testupdate`). Attackers can test updating LLM API keys without the `llm…

Langfuse LLM Connection Test Sensitive Credential Reuse Vulnerability
github.com · 2026-05-08

# Vulnerability Summary ## Overview In the Langfuse project, the system erroneously reuses previously stored sensitive credentials (`secretKey` and `extraHeaders`) when the `baseUrl` for an LLM connec…

Langfuse SSRF Vulnerability: Missing Secret Key Validation on LLM Base URL Change
github.com · 2026-05-08

# Vulnerability Summary ## Overview The Langfuse platform fails to enforce the provision of a secret key when changing the LLM test base URL, allowing attackers to perform Server-Side Request Forgery …

Premium intel
CVSS 7.8
PHPUnit PHP -d Parameter INI Injection Vulnerability Analysis
github.com · 2026-05-08

### Vulnerability Overview In PHP, when INI settings are passed to child processes via the `-d` argument, certain special characters (such as `;` and `"`) are not preserved. This can lead to INI direc…

Premium intel
CVSS 7.8
PHPUnit Argument Injection via Newline in INI Values (CVE-2026-24785)
github.com · 2026-05-08

# PHP Vulnerability Summary: Argument Injection via Newline in PHP INI Values Forwarded to Child Processes ## Vulnerability Overview PHP does not escape meta-characters when forwarding `php.ini` setti…

Premium intel
CVSS 6.5
PasswordPusher File Upload Authentication Bypass Fix Analysis
github.com · 2026-05-08

# Vulnerability Summary ## Overview **Title**: Security: Fix file upload authentication enforcement (#4381) **Type**: File Upload Authentication Bypass **Description**: In the `PasswordPusher` project…

dash-uploader Path Traversal Vulnerability Analysis
github.com · 2026-05-08

### Vulnerability Overview The webpage screenshot displays a GitHub repository named `dash-uploader`, which contains a file named `httpprequesthandler.py`. This file contains a potential security vuln…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
