
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 4.2
Weblate Password Reset Triggers Unintended API Token Reset Vulnerability Analysis
github.com · 2026-05-07

Weblate API Token Reset Vulnerability Summary. Vulnerability Overview: In Weblate version 3.7.1, the system triggers an API Token reset when a user resets their password via the "Forgot Password" f…

CVSS 6.0
CVE-2024-41689: Wallos Webhook SSRF Leading to RCE
github.com · 2026-05-07

Vulnerability Summary: Shared local webhook allowlist allows low-privilege users to send arbitrary requests to allowlisted internal services. Vulnerability Overview: **CVE ID**: CVE-2024-41689; …

CVSS 4.3
CVE-2026-41687: SSRF CGNAT Bypass in Wallos via is_cgnat_ip() Omission
github.com · 2026-05-07

SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks (CWE-918). Vulnerability Overview: **Vulnerability Type**: CWE-918 Server-Side Request Forgery (SSRF)…

CVSS 8.3
Dagster SQL Injection Vulnerability (CVE-2024-41400) Advisory
github.com · 2026-05-07

SQL Injection Vulnerability Summary: Database I/O Manager Dynamic Partition Key. Vulnerability Overview: In Dagster's DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers, dynamic partition key …

CVSS 8.7
RELATE Predictable Token Generation Vulnerability in auth.py/exam.py (CVE-2020-41920)
github.com · 2026-05-07

Vulnerability Summary: Predictable Token Generation in auth.py and exam.py. Vulnerability Overview: A security vulnerability was identified in the RELATE project involving the use of a non-cryptogr…

CVSS 6.5
LXC/Incus Instance Restore Nil Pointer Dereference Vulnerability
github.com · 2026-05-07

Vulnerability Summary: Null Pointer Dereference in LXC/Incus via Malformed YAML. Vulnerability Overview: A null pointer dereference vulnerability exists in the instance restore and import processes…

CVE-2026-41648: Incus Unbounded YAML Metadata Decode OOM Vulnerability
github.com · 2026-05-07

Vulnerability Summary: Unbounded YAML Metadata Decode via Parsing. Vulnerability Overview: **CVE ID**: CVE-2026-41648; **Severity**: Low; **Description**: User-provided image and backup tarball…

CVSS 6.1
fast-xml-parser XMLBuilder Comment and CDATA Injection Vulnerability Analysis
github.com · 2026-05-07

fast-xml-parser XMLBuilder Vulnerability Summary. Vulnerability Overview: In **fast-xml-parser v5.5.12**, the `XMLBuilder` fails to escape the `-->` sequence within comments and the `]]>` sequence …

CVSS 8.3
Security fix: SQL injection in aggregate API (CWE-89)
github.com · 2026-05-07

v0.11.4 — Security fix: SQL injection in aggregate API. Vulnerability Overview: **Vulnerability Name**: SQL Injection in Aggregate API; **Vulnerability ID**: CWE-89, CVSS 8.8; **Severity**: Hig…

CVSS 8.3
CVE-2024-41422 SQL Injection Vulnerability Analysis and Fix
github.com · 2026-05-07

SQL Injection Vulnerability Summary. Vulnerability Overview: **Vulnerability Name**: SQL injection via unvalidated `goqu.L()` calls in aggregate API; **CVE ID**: CVE-2024-41422; **CVSS Score**:…

CVSS 7.7
Wallos Incomplete Fix for CVE-2026-3399: SSRF via DNS Rebinding
github.com · 2026-05-07

N/A. Shenlong could not analyze this item: data volume overloaded.

CVSS 4.3
Incus GHSA-98vh-x9cx-9cfp Unbounded Binary Import Disk Exhaustion Vulnerability
github.com · 2026-05-07

Vulnerability Summary: Unbounded binary import disk exhaustion (GHSA-98vh-x9cx-9cfp). Vulnerability Overview: This is an **unbounded binary import disk exhaustion** vulnerability. **Mechanism**: …

CVSS 6.5
CVE-2024-41547: LXC Incus S3 Backup Import Nil-Pointer Dereference
github.com · 2026-05-07

Vulnerability Summary: Nil-Pointer Dereference via S3 Bucket Import. Vulnerability Overview: **Vulnerability Name**: Nil-Pointer Dereference via S3 Bucket Import; **CVE ID**: CVE-2024-41547; **…

Weblate Project Backup Restore SSRF Vulnerability Analysis
github.com · 2026-05-07

Summary of Weblate Project Backup Restoration Vulnerability. Vulnerability Overview: A security vulnerability exists in Weblate's project backup restoration feature due to a lack of validation for …

CVSS 9.6
charm.land/wish/v2 SCP Path Traversal Vulnerability (CVSS 9.6) and Fix
github.com · 2026-05-07

Vulnerability Summary: SCP Path Traversal in charm.land/wish/v2. Vulnerability Overview: A path traversal vulnerability exists in the SCP middleware of `charm.land/wish/v2`. Malicious SCP clients c…

CVSS 5.3
OpenTelemetry Zipkin Exporter Memory Leak Fix (DoS Prevention)
github.com · 2026-05-07

Vulnerability Overview: The webpage screenshot displays a Pull Request (PR) for the `Exporter.Zipkin` module within the `OpenTelemetry` project. The primary objective is to address memory usage iss…

CVSS 5.3
OpenTelemetry .NET OneCollector Response Body Size Limit Fix (DoS Prevention)
github.com · 2026-05-07

[OneCollector] Limit response body read size #4117. Vulnerability Overview: This Pull Request fixes an issue in the `OneCollector` component where the length of the HTTP response body was not limit…

CVSS 5.3
OpenTelemetry.Exporter.OneCollector Unbounded Response Body OOM Vulnerability
github.com · 2026-05-07

OneCollector Exporter Unbounded HTTP Response Body Read Vulnerability. Vulnerability Overview: When using the `OpenTelemetry.Exporter.OneCollector` exporter to send telemetry data to a backend/coll…

CVSS 5.3
CVE-2024-41417: Netty DefaultHttpRequest.setUri() Request Line Injection
github.com · 2026-05-07

Vulnerability Summary: Start-Line Injection Caused by DefaultHttpRequest.setUri(). Vulnerability Overview: Netty allows bypassing request-line validation. When a `DefaultHttpRequest` or `DefaultFul…

CVSS 5.4
PhpSpreadsheet HTML Writer XSS via Number Format Bypass
github.com · 2026-05-07

XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer. Vulnerability Overview: In PhpSpreadsheet's HTML writer, when a cell contains a custom number format (su…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.