Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 8.7
zrok WebDAV Backend Symlink Following Allows Host Filesystem Read/Write (CVE-2026-42275)
github.com · 2026-05-08

# WebDAV Drive Backend Follows Symlinks Outside DriveRoot, Leading to Host File System Read/Write Vulnerability ## Vulnerability Overview - **Vulnerability Name**: WebDAV drive backend follows symlink…

CVSS 9.6
Electron shell.openExternal Unvalidated Protocol Arbitrary Protocol Execution
github.com · 2026-05-08

# Vulnerability Summary: Unvalidated `shell.openExternal` in Electron Leads to Arbitrary Protocol Execution ## Overview The terminal hyperlink handler in Electron passes URLs clicked by the user direc…

CVSS 8.4
Electerm Path Traversal RCE via runWidget (CVE-2026-43940)
github.com · 2026-05-08

# Vulnerability Overview **Vulnerability Title**: Path traversal in electerm runWidget leads to arbitrary code execution **CVE ID**: CVE-2026-43940 **CVSS v3 Score**: 9.4 / 10 **Severity**: High **Rep…

CVSS 7.8
Electron open-file Command Injection Fix Analysis
github.com · 2026-05-08

### Vulnerability Overview This vulnerability involves improvements to the `open-file` function within the `electron` project. Specifically, the issue lies in how file paths are handled, which could a…

electerm Deep Link Config Override Vulnerability Fix Analysis
github.com · 2026-05-08

### Vulnerability Overview This vulnerability affects the `parse-quick-connect.js` file in the `electerm` project. The issue, described as “Deep link support prop check,” arises from insufficient secu…

Electerm Arbitrary Local Code Execution via Deep Links/CLI (CVE-2020-43944)
github.com · 2026-05-08

# Vulnerability Overview - **Vulnerability Name**: Arbitrary local code execution via deep links/CLI in electerm - **Vulnerability Description**: Attackers can trigger arbitrary local code execution v…

RCE via Path Traversal in session-local.js exec function
github.com · 2026-05-08

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves insufficient security checks on the path parameter of the `exec` function in the `src/app/server/session-local.js` file, a…

CVSS 7.3
SUP Online Shopping V1.0 /admin/message.php SQL Injection Vulnerability
github.com · 2026-05-08

# sourcecodester SUP Online Shopping Project V1.0 /admin/message.php SQL injection #11 ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: SUP Online Shopping V1.…

CVSS 4.1
CVE-2025-44298: Kimai Invoice PDF Renderer Arbitrary File Read
github.com · 2026-05-08

# Vulnerability Summary: Arbitrary File Read in Invoice PDF Renderer (admin) ## Vulnerability Overview This vulnerability exists in the `kimai/kimai` project. Users with the `System-Admin` role and th…

CVSS 7.3
Pre-Authentication SQL Injection in FilePress Shares filelist API
github.com · 2026-05-08

# [Security] Pre-Authentication SQL Injection in Shares filelist API #70 ## Vulnerability Summary A critical SQL injection vulnerability exists in the `filelist` API endpoint of the `shares` module in…

CVSS 7.3
DzzOffice Pre-Auth SQL Injection in Share Endpoints (CVSS 9.8)
github.com · 2026-05-08

# Vulnerability Summary ## Overview * **Vulnerability Type**: SQL Injection (SQLi) * **Severity**: Critical * **Authentication Required**: None (Pre-auth) * **Attack Vector**: Network/Remote * **CVSS …

CVSS 7.3
Pre-Auth SQL Injection in FilePress Shares filelist API
github.com · 2026-05-08

# [Security] Pre-Authentication SQL Injection in Shares filelist API ## Vulnerability Overview The `filelist` API endpoint in FilePress contains a critical SQL injection vulnerability. The `order` par…

CVSS 7.3
Discuz!X in_array weak type comparison bypass fix
github.com · 2026-05-08

# Vulnerability Summary ## Overview This commit addresses a security issue regarding type comparison within the `in_array()` function. The original code utilized loose type comparison (the default beh…

CVSS 2.4
Unauthenticated XSS in SourceCodester Pharmacy Sales and Inventory System V1.0
github.com · 2026-05-08

# Vulnerability Summary ## Overview * **Vulnerability Type**: Cross-Site Scripting (XSS) * **Affected Product**: sourcecodester Pharmacy Sales and Inventory System Project V1.0 * **Vulnerability Locat…

CVSS 7.3
SUP Online Shopping V1.0 replymsg.php SQL Injection Vulnerability and POC
github.com · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: sourcecodester SUP Online Shopping Project V1.0 /admin/replymsg.php SQL injection #12 - **Vulnerability Type**: SQL Injection - **Root Cause**: In the `/admin/replymsg.php` file of the "SUP Online Shopping" project, an attacker can, via `msgI…

CVSS 7.3
SUP Online Shopping V1.0 wishlist.php Unauthenticated SQL Injection Analysis
github.com · 2026-05-08

# Vulnerability Summary: sourcecodester SUP Online Shopping Project V1.0 wishlist.php SQL Injection ## Vulnerability Overview * **Vulnerability Type**: SQL Injection (SQLi) * **Affected Product**: SUP…

CVSS 7.3
SQL Injection in codeastro Leave Management System V1.0
github.com · 2026-05-08

# Vulnerability Summary: SQL Injection in codeastro Leave Management System V1.0 ## Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: codeastro Leave Management System V1.0 * **…

CVSS 7.3
Pre-Auth SQL Injection in SUP Online Shopping V1.0 (viewmsg.php)
github.com · 2026-05-08

# Vulnerability Summary: SQL Injection in sourcecodester SUP Online Shopping Project V1.0 ## Vulnerability Overview * **Vulnerability Type**: SQL Injection (SQLi) * **Affected Product**: SUP Online Sh…

CVSS 6.3
eladmin Privilege Escalation: Bypassing Authorization to Create Admin Users
github.com · 2026-05-08

# Vulnerability Summary: Privilege Escalation via Unauthorized Administrator Creation in eladmin ## Vulnerability Overview In the `eladmin` system, the `UserController.createUser` interface contains a…

CVSS 4.3
NSSF Crash via Oversized snssais Parameter (PoC Included)
github.com · 2026-05-08

# Vulnerability Summary ## Overview - **Title**: [Bug]: NSSF crash on GET /nssf-nselection/v2/network-slice-information with oversized snssais #4436 - **Status**: Open - **Labels**: triage - **Descrip…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
