Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.4
Vvweb CMS Stored XSS via HTML Upload Bypass
github.com · 2026-05-08

# Vulnerability Summary: Stored Cross-Site Scripting (XSS) in Vvweb CMS ## Vulnerability Overview **Title**: Stored Cross-Site Scripting via HTML File Upload Bypass **Type**: Stored Cross-Site Scripti…

CVSS 4.7
i18next/i18nextify 4.0.8 Patch: Mitigates XSS via Dangerous URL Scheme Injection
github.com · 2026-05-08

# i18next/i18nextify Vulnerability Summary ## Overview This commit fixes a security vulnerability in the **i18next/i18nextify** library, primarily addressing potential XSS attack risks caused by injecti…

Go net/mail CVE-2026-42499 DoS Vulnerability Fix
go.dev · 2026-05-08

# Vulnerability Summary ## Overview - **CVE ID**: CVE-2026-42499 - **Description**: The `consumePhrase` function in the `net/mail` package contains quadratic-complexity string concatenation when proce…

Go cmd/go Checksum Database Bypass Vulnerability (CVE-2026-42501)
go.dev · 2026-05-08

# cmd/go: Malicious module proxy can bypass checksum database (CVE-2026-42501) ## Vulnerability Overview The `cmd/go` command in the Go programming language has a flaw in its module checksum verificat…

CVSS 6.5
i18next-http-backend Path Traversal and URL Injection Vulnerability Analysis
github.com · 2026-05-08

# Vulnerability Summary: i18next-http-backend Path Traversal / URL Injection ## Vulnerability Overview **Vulnerability Type**: Path Traversal / URL Injection **Root Cause**: In versions prior to `3.0.…

Go cmd/pack Directory Traversal Fix
go.dev · 2026-05-08

### Vulnerability Overview - **Vulnerability Title**: `cmd/pack: refuse to extract files with directory components` - **Vulnerability Description**: When running `go tool pack x evil.a`, if the archiv…

CVSS 6.3
codeastro Online Classroom V1.0 SQL Injection Vulnerability and POC
github.com · 2026-05-08

# Vulnerability Summary: SQL Injection in codeastro Online Classroom V1.0 ## Vulnerability Overview * **Vulnerability Type**: SQL Injection (SQLi) * **Affected Product**: codeastro Online Classroom V1…

Go html/template XSS Bypass Fix: Empty Script Type Treated as JavaScript (CVE-2026-39826)
go.dev · 2026-05-08

### Vulnerability Overview - **Vulnerability Title**: `html/template: fix escaper bypass by treating empty script type as JavaScript` - **Vulnerability Description**: Fixes an escaper bypass vulnerabi…

Go net/http/httputil ReverseProxy Bypasses urlmaxqueryparams Limit (CVE-2026-39823)
go.dev · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: `net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams query parameters` - **Vulnerability ID**: #78948 - **Vulnerabili…

Go html/template URL Escaping Bypass via Meta Tag Whitespace (CVE-2026-39823)
go.dev · 2026-05-08

### Vulnerability Overview - **Vulnerability Type**: Security Vulnerability - **Vulnerability Description**: When parsing the meta content attribute portion of a URL, the `<meta>` tag's "shared declarative …

Go net/mail consumeComment O(n^2) Complexity Fix
go.dev · 2026-05-08

### Vulnerability Overview This vulnerability involves a quadratic complexity issue in the `consumeComment` function within the `net/mail` package. When parsing nested comments, the function construct…

Go net/http/httputil ReverseProxy Query Parameter Loss Vulnerability (CVE-2026-39825)
go.dev · 2026-05-08

### Vulnerability Overview In the `net/http/httputil` package, when the `ReverseProxy` forwards requests containing query parameters exceeding the `MaxBytes` limit (default 8600), it re-encodes the ou…

CVSS 3.3
GDAL GDALFieldInfo Out-of-Bounds Read Vulnerability Analysis
github.com · 2026-05-08

# GDAL GDALFieldInfo Out-of-Bounds Read Vulnerability Summary ## Vulnerability Overview An out-of-bounds read vulnerability exists in the `GDALFieldInfo` class of the GDAL library. This vulnerability …

CVSS 3.3
GDAL GDALInfo Out-of-Bounds Read via size_t Underflow
github.com · 2026-05-08

# GDAL Vulnerability Summary ## Vulnerability Overview An out-of-bounds read vulnerability exists in GDAL's vendored HDF-EOS library due to a `size_t` underflow. Specifically, the `GDALInfo` function …

PJPROJECT ssl_sock_gtls.c Certificate Verification Logic Fix
github.com · 2026-05-08

### Vulnerability Overview This vulnerability involves the certificate verification logic in the `ssl_sock_gtls.c` file. Specifically, in certain scenarios, the certificate verification status is inco…

CVSS 8.1
Budibase JWT Session Cookie Misconfiguration Leading to Account Takeover via XSS
github.com · 2026-05-08

# Vulnerability Summary: Auth session cookie set with httpOnly:false ## Vulnerability Overview Improper configuration of JWT session cookies in the Budibase backend core package (`@budibase/backend-co…

PJSIP 2.1.7 Multiple Memory Safety Vulnerabilities and Certificate Verification Bypass
github.com · 2026-05-08

### Vulnerability Overview In PJSIP version 2.1.7, multiple security vulnerabilities exist, primarily including buffer overflows, heap buffer overflows, stack buffer overflows, use-after-free conditio…

Saltcorn Open Redirect Vulnerability (CVE-2024-42259) Analysis and PoC
github.com · 2026-05-08

# Saltcorn Open Redirect Vulnerability (CVE-2024-42259) ## Vulnerability Overview Saltcorn has a flaw in the validation of the `dest` parameter after login. Although the code attempts to prevent open …

CVSS 7.6
Cross-Portfolio Privilege Escalation in manage.get.gov (Missing Portfolio Validation)
github.com · 2026-05-08

# Vulnerability Summary: Cross-Portfolio Domain Manager Assignment via Missing Portfolio Validation ## Vulnerability Overview A privilege escalation vulnerability exists in the `manage.get.gov` platfo…

CVSS 5.3
GDAL Heap Buffer Overflow Vulnerability Analysis (#14363)
github.com · 2026-05-08

# GDAL Heap Buffer Overflow Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: #14363 * **Vulnerability Type**: Heap buffer overflow * **Root Cause**: In the `GDInetfields` and `G…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.