
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2025-6281 Gotenberg ExifTool stdin Argument Injection via Metadata Newlines
github.com · 2026-05-07 · CVSS 10.0 · Premium intel

ExifTool stdin Parameter Injection Vulnerability Summary. Vulnerability Overview. Vulnerability Name: ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization…

OpenClaw dotenv workspace env var injection fix
github.com · 2026-05-07 · CVSS 7.8

Vulnerability Overview. A security flaw exists in the loading logic for workspace environment variables (prefixed with `OPENCLAW`) in the `dotenv` library. Untrusted workspaces (such as `.env` file…

MasaCMS Open Redirect Vulnerability via Double Slash Handling
github.com · 2026-05-07

MasaCMS Open Redirect Vulnerability (// Handling). Vulnerability Overview. MasaCMS contains an open redirect vulnerability due to a flaw in the handling of scheme-relative URLs. The application inc…

CSRF Vulnerability in Masa CMS Content Restoration
github.com · 2026-05-07

CSRF vulnerability in content restoration. Vulnerability Overview. A CSRF vulnerability exists in the content restoration feature of Masa CMS. This vulnerability is inherited from the upstream Mura…

CVE-2024-0197: Incus Custom Volume Import Null Pointer Dereference DoS
github.com · 2026-05-07

Vulnerability Summary: Nil-Pointer Dereference via Custom Volume Import. Vulnerability Overview. CVE ID: CVE-2024-0197. Severity: Medium (6.5 / 10). CVSS Vector: CVSS:3.1/AV:N/AC:L/…

Feishu Webhook Card-Action Replay Guard Fix
github.com · 2026-05-07 · CVSS 9.8 · Premium intel

Vulnerability Overview. This vulnerability involves the reinforcement of replay guards for Feishu webhooks. The specific issue is that missing or empty tokens during the processing of `card-action`…

CVE-2024-40195: Incus Nil-Pointer Dereference DoS Vulnerability with POC
github.com · 2026-05-07

Vulnerability Summary: Nil-Pointer Dereference Panic via Bucket Metadata. Vulnerability Overview. CVE ID: CVE-2024-40195. Severity: Moderate (6.5 / 10). CVSS v3 Base Metrics: Atta…

Masa CMS CSRF Vulnerability in Site Bundle Creation (CVE-2025-55048)
github.com · 2026-05-07

CSRF Vulnerability in Site Package Creation. Vulnerability Overview. Masa CMS contains a critical Cross-Site Request Forgery (CSRF) vulnerability in its site package creation feature, inherited fro…

MasaCMS CSRF Vulnerability in User Address Management
github.com · 2026-05-07

MasaCMS CSRF Vulnerability Summary. Vulnerability Overview. Vulnerability Type: CSRF (Cross-Site Request Forgery). Severity: High (7.1 / 10). Description: The user address managemen…

OpenShell Sandbox Path Traversal Vulnerability Fix
github.com · 2026-05-07 · CVSS 5.3

Vulnerability Summary. Vulnerability Overview. OpenShell Sandbox contains a path traversal vulnerability. Attackers can bypass sandbox restrictions by crafting malicious `writeFile` requests using …

Fix for path validation flaw in memory core module with test cases
github.com · 2026-05-07 · CVSS 4.3

Vulnerability Summary. Vulnerability Overview. This vulnerability involves improper validation of file paths when reading memory files, allowing attackers to read arbitrary files by constructing ma…

Matrix DM Pairing Store Authorization Bypass Fix
github.com · 2026-05-07 · CVSS 8.8 · Premium intel

Vulnerability Overview. This vulnerability involves DM (Direct Message) pairing storage entries in the Matrix protocol, which are used to authorize room control commands. An attacker can bypass nor…

OpenClaw Feishu Webhook Signature Verification Bypass Fix
github.com · 2026-05-07 · CVSS 9.8 · Premium intel

Feishu webhook and card-action validation now fail closed. Vulnerability Overview. OpenClaw's Feishu webhook mode incorrectly accepted cases missing the `encryptKey` configuration and blank card-ac…

Matrix Room Auth Logic Flaw Fix: Skipping Pairing Store Read
github.com · 2026-05-07 · CVSS 8.8 · Premium intel

Vulnerability Overview. This vulnerability involves the Matrix platform, where incorrect skipping of pairing store reads may lead to room authentication credentials being erroneously used for other…

OpenMRS Module Upload Zip Slip Path Traversal Leading to RCE
github.com · 2026-05-07

OpenMRS Module Upload Path Traversal Vulnerability (Zip Slip) Summary. Vulnerability Overview. The OpenMRS module upload interface contains a path traversal vulnerability (Zip Slip). Attackers can …

Vveb CMS Unauthenticated Reflected XSS Vulnerability Analysis
github.com · 2026-05-07 · CVSS 8.8 · Premium intel

Vulnerability Summary: Unauthorized Reflected Cross-Site Scripting Vulnerability in Vveb CMS. Vulnerability Overview. The visual editor preview renderer in Vveb CMS does not enforce authentication …

CVE-2024-41931: Vvweb Pre-Auth PHP Stack-Trace and Source-Code Disclosure
github.com · 2026-05-07 · CVSS 5.3

Vulnerability Summary: Pre-authentication PHP Stack-Trace and Source-Code Disclosure via DEBUG=true. Vulnerability Overview. Vulnerability Name: Pre-authentication PHP Stack-Trace and Source-…

Jupyter Notebook Stored XSS (CVE-2026-40171) Steals Auth Tokens via Help Extension
github.com · 2026-05-07

Vulnerability Overview. Title: Command linker attributes chained with help command enable one-click authentication token theft. CVE ID: CVE-2026-40171. Severity: High (8.4 / 10). Descripti…

Vveb CMS 1.0.8 Unauthenticated phpMyAdmin Access and Database Dump
github.com · 2026-05-07 · CVSS 9.8 · Premium intel

Unauthenticated phpMyAdmin (auth_type=config) Leads to Full Database Read/Write and Bcrypt Hash Dump. Vulnerability Overview. In Vveb CMS version 1.0.8, the upstream Docker configuration file (`doc…

Vveb 1.0.8.2 Security Update: RCE, XSS, and Privilege Bypass Fixes
github.com · 2026-05-07 · CVSS 9.8 · Premium intel

Vveb 1.0.8.2 Security Update Summary. Vulnerability Overview. Version 1.0.8.2 of Vveb addresses multiple security vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS),…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.