Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
GDAL Heap Buffer Overflow in GDalInfoFields
github.com · 2026-05-08

# GDAL Heap Buffer Overflow Vulnerability Summary ## Vulnerability Overview A heap buffer overflow vulnerability exists in GDAL's vendored HDF-EOS library. The issue arises in the `GDalInfoFields` fun…

CVSS 5.3
GDAL HDF4 Heap Buffer Overflow Fix Analysis
github.com · 2026-05-08

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Heap buffer overflow - **Related Issue**: [GDAL Issue #14363](https://github.com/OSGeo/gdal/issues/14363) - **Submitter**: r…

CVSS 9.1
CVE-2026-41902: FreeScout Invite Hash Never Expires Leading to Unauthenticated Account Takeover
github.com · 2026-05-08

# Vulnerability Summary: User invitation hash never expires ## Vulnerability Overview **CVE-2026-41902** * **Severity**: Critical (CVSS 9.1/10) * **Description**: The `/user/setup/{hash}` endpoint in …

CVSS 7.8
NotepadNext Lua Code Injection Vulnerability and Fix
github.com · 2026-05-08

# NotepadNext Lua Code Injection Vulnerability Summary ## Vulnerability Overview NotepadNext contains a Lua code injection vulnerability. Attackers can execute arbitrary Lua code through malicious fil…

CVSS 7.1
FreeScout Customer Change Authorization Bypass Vulnerability
github.com · 2026-05-08

# Vulnerability Summary: Conversation Change-Customer Cross-Mailbox Authorization Bypass ## Vulnerability Overview This vulnerability exists in the "Change Customer" feature of FreeScout. Although the…

CVSS 5.4
CVE-2025-48472: IDOR Vulnerability Allows Modifying Any User's Notification Subscriptions
github.com · 2026-05-08

# Vulnerability Summary: IDOR: PERM_EDIT_USERS allows modifying any user's notification subscriptions (CVE-2025-48472) ## Vulnerability Overview This is an **Insecure Direct Object Reference (IDOR)** …

CVSS 8.8
GitPython Command Injection via Keyword Argument Bypass Analysis
github.com · 2026-05-08

# GitPython Command Injection Vulnerability Summary ## Vulnerability Overview GitPython contains a command injection vulnerability. Although GitPython blocks dangerous Git options (such as `--upload-p…

CVSS 7.8
NotepadNext v0.14 Fixes CVE-2026-42214: Arbitrary Code Execution via Lua Injection
github.com · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: Fix Arbitrary Code Execution via Lua Injection in Filename Extension Handling - **CVE ID**: CVE-2026-42214 - **Description**: Arbitrary code execut…

CVSS 8.8
GitPython 3.1.47 Security Release: Fixes for GHSA-rpm5-65cw-6h4 and GHSA-x2qx-6953-8485
github.com · 2026-05-08

### Vulnerability Overview - **Version**: 3.1.47 - **Release Date**: 2 weeks ago - **Main Updates**: Includes security fixes ### Scope of Impact - **GHSA-rpm5-65cw-6h4**: Affects certain functionaliti…

CVSS 7.6
FreeScout Stored XSS in Auto-reply (<1.8.217) with POC and Fix
github.com · 2026-05-08

# Vulnerability Summary: Stored XSS in FreeScout Email Auto-Reply ## Vulnerability Overview A Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the email auto-reply (Auto-reply) feature…

CVSS 7.8
NotepadNext CVE-2026-4214 Lua Code Injection Vulnerability and PoC
github.com · 2026-05-08

# Vulnerability Summary: NotepadNext Code Injection Vulnerability ## Vulnerability Overview * **Vulnerability Name**: Arbitrary Code Execution (Lua Injection) in NotepadNext Filename Extension Handlin…

CVSS 7.7
FreeScout SSRF Vulnerability: Redirect Destination Not Re-validated Allows Cloud Metadata Access
github.com · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access - **Vulnerability Descrip…

CVSS 8.1
GitPython <=3.1.44 Input Validation Bypass via shlex.split
github.com · 2026-05-08

# GitPython Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Unsafe option check validates multi_options before shlex.split transforms it - **Vulnerability Description**: In t…

Hikvision XM530 ONVIF Authentication Bypass Vulnerability (XM-SN-XMSRC26001)
www.xiongmaitech.com · 2026-05-08

# XM530 X6-WEQ ONVIF Authentication Security Vulnerability Summary ## Vulnerability Overview * **Vulnerability Title**: XM530 X6-WEQ ONVIF Authentication Security Vulnerability * **Vulnerability ID**:…

CVSS 7.8
GitPython CVE-2026-44244: Newline Injection RCE via config_writer
github.com · 2026-05-08

# GitPython Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Newline injection in `config_writer().set_value()` enables RCE via `core.hooksPath` **CVE ID**: CVE-2026-44244 **CVS…

CVSS 5.3
GDAL HDF-EOS SWinqdims Heap Buffer Overflow via Unbounded strcat
github.com · 2026-05-08

# Vulnerability Overview **Title**: Heap buffer overflow in `SWinqdims` via unbounded `strcat` on caller-allocated buffer #14356 **Vulnerability Type**: Heap Buffer Overflow **Root Cause**: In HDF-EOS…

GitPython CVE-2025-44243 Path Traversal Vulnerability Analysis and Fix
github.com · 2026-05-08

# GitPython Path Traversal Vulnerability Summary ## Vulnerability Overview The Reference APIs in GitPython contain a path traversal vulnerability. Attackers can write to, overwrite, move, or delete fi…

CVSS 7.3
Unauthenticated SQL Injection in Pharmacy Sales and Inventory System V1.0
github.com · 2026-05-08

# Vulnerability Summary: SQL Injection in sourcecodester Pharmacy Sales and Inventory System V1.0 ## Vulnerability Overview * **Affected Product**: Pharmacy Sales and Inventory System V1.0 * **Vulnera…

CVSS 5.3
GDAL HDF4 Heap Buffer Overflow Fix Analysis (Issue #14356)
github.com · 2026-05-08

# Vulnerability Summary ## Overview - **Vulnerability Type**: Heap Buffer Overflow / Null Pointer Dereference - **Vulnerability ID**: GDAL Issue #14356 - **Fix Commit**: Commit 9491e79 - **Fix Branche…

CVSS 5.3
GDAL < 3.12.4 Security Vulnerability Advisory
github.com · 2026-05-08

### Vulnerability Overview GDAL (Geospatial Data Abstraction Library) is an open-source geospatial data abstraction library used for processing raster and vector geospatial data formats. A security vu…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.