Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 8.8
Vvveb CMS CVE-2024-41934 Authenticated RCE via .htaccess Override
github.com · 2026-05-07

# Vulnerability Summary: Authenticated RCE via 'editor/code/save' `.htaccess` Override ## 1. Vulnerability Overview **Vulnerability Name**: Authenticated RCE via 'editor/code/save' `.htaccess` Overrid…

CVSS 8.8
Authenticated RCE via editor/code/save interface: Analysis and Patch
github.com · 2026-05-07

# Vulnerability Summary ## Overview - **Vulnerability ID**: GHSA-vfjj-gc48-x248 - **Vulnerability Type**: Authenticated Remote Code Execution (Authenticated RCE) - **Vulnerable Endpoint**: `editor/cod…

CVSS 8.1
Vveb gvizanz Authenticated XXE Vulnerability (CVE-2024-41936) Leading to Privilege Escalation
github.com · 2026-05-07

# Vulnerability Summary: Authenticated XXE in `tools/import` in gvizanz/Vveb ## 1. Vulnerability Overview **Vulnerability Name**: Authenticated XXE in `tools/import` Reaches Site_admin → Arbitrary Fil…

CVSS 8.1
GHSA-rfxr-8xpm-wrp7: Fix XXE by removing LIBXML_NOENT/NONET options
github.com · 2026-05-07

### Vulnerability Overview - **Vulnerability Type**: Code Injection Vulnerability - **Vulnerability Description**: In the `system/import/xml.php` file, the `export()` function contains a code injectio…

KEV
PAN-OS User-ID Captive Portal Buffer Overflow Vulnerability (CVE-2026-0300) Analysis
security.paloaltonetworks.com · 2026-05-07

# CVE-2026-0300 PAN-OS User Authentication Portal Buffer Overflow Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: PAN-OS: Unauthenticated User-Initiated User-ID™ Authenticati…

CVSS 8.1
Vvweb <1.0.8.2 XXE Vulnerability (CVE-2026-41936) Advisory
www.vulncheck.com · 2026-05-07

# Vvweb < 1.0.8.2 XML External Entity Injection Vulnerability ## Vulnerability Overview Vvweb versions prior to 1.0.8.2 contain an XML External Entity (XXE) injection vulnerability. This vulnerability…

CVSS 6.7
RHSA-2026:14162 Red Hat OpenTelemetry Security Advisory (CVE-2026-4878/41602/32280/32283/2911)
access.redhat.com · 2026-05-07

# RHSA-2026:14162 - Security Advisory Summary ## Vulnerability Overview Red Hat has released OpenTelemetry version 3.9.3, which addresses multiple security vulnerabilities: 1. **Race Condition in libc…

CVSS 7.5
RHSA-2026:13812 RHEL-8 Base Image Security Update (CVE-2025/2026)
access.redhat.com · 2026-05-07

# RHSA-2026:13812 - Security Advisory Summary ## Vulnerability Overview This advisory concerns security updates for RHEL-8 base middleware container images, aimed at addressing the following security …

Chrome 148 Security Update: 127 Vulnerabilities Fixed and CVE List
chromereleases.googleblog.com · 2026-05-07

# Chrome 148 Security Vulnerability Summary ## Vulnerability Overview The stable update for Chrome 148.0.7778.96 includes **127 security fixes** covering high-severity vulnerabilities such as integer …

Python mistune library potential XSS vulnerability analysis and fix
github.com · 2026-05-07

### Vulnerability Overview The webpage screenshot displays the source code file `helpers.py` of the Python library `mistune`. The file contains multiple regular expressions and functions used for pars…

ReDoS Vulnerability in mistune LINK_TITLE_RE Regex
github.com · 2026-05-07

# ReDoS Vulnerability Summary: LINK_TITLE_RE ## Vulnerability Overview The `LINK_TITLE_RE` regular expression in the `lepture/mistune` library contains a **Regular Expression Denial of Service (ReDoS)…

Rucio postgres_meta Plugin SQL Injection Vulnerability (CVE-2026-29090) Analysis
github.com · 2026-05-07

# SQL Injection Vulnerability Summary: External PostgreSQL Metadata Plugin via DID Search API ## Vulnerability Overview - **Vulnerability Type**: SQL Injection (CWE-89) - **Vulnerability Description**…

CVSS 4.9
Keycloak Signed JWT Client Auth Token Expiration Bypass Vulnerability
github.com · 2026-05-07

# Keycloak Vulnerability Summary ## Vulnerability Overview There is a security vulnerability in Keycloak's Signed JWT client authentication that allows attackers to bypass authentication by constructi…

CVSS 7.1
Keycloak IdP Email Change Verification Email Bypass
github.com · 2026-05-07

# Vulnerability Summary ## Vulnerability Overview Keycloak has a security configuration issue: when an administrator manually modifies a user's email address via an IDP (Identity Provider) review proc…

CVSS 7.1
Keycloak Review Profile Phishing Vulnerability and Fix
github.com · 2026-05-07

# Keycloak Vulnerability Summary: Review Profile Leads to User Phishing Attacks ## Vulnerability Overview In Keycloak’s "Review Profile" feature, when a user logs in for the first time via social logi…

CVSS 6.5
Keycloak DoS Vulnerability (CVE-2024-10270) Analysis and POC
github.com · 2026-05-07

### Vulnerability Overview - **Vulnerability Name**: Keycloak Denial of Service (CVE-2024-10270) - **Vulnerability ID**: #35218 - **Author**: Douglas Palmer - **Submission Date**: November 22, 2024 - …

CVSS 5.4
Keycloak JWT Access Token Wrong Organization Claim Assignment Fix
github.com · 2026-05-07

# Keycloak Vulnerability Summary: Incorrect Organization Claim Assignment in JWT Access Token ## Vulnerability Overview **Title**: Wrong organization claim assignment in JWT access token #37169 **Stat…

CVSS 5.5
Ansible keycloak_user Module Credential Leakage (CVE-2025-14010)
github.com · 2026-05-07

# `keycloak_user` module leaks credentials in verbose mode (#11000) ## Vulnerability Overview The `keycloak_user` module in the `community.general` collection leaks sensitive credentials (such as pass…

CVSS 6.5
Keycloak keycloak-services Inefficient Regex DoS Vulnerability (CVE-2024-10270)
github.com · 2026-05-07

# Vulnerability Summary: Inefficient Regular Expression Complexity in org.keycloak:keycloak-services ## Vulnerability Overview A vulnerability was discovered in the `keycloak-services` package. Passin…

SQL Injection in Rucio FilterEngine Oracle JSON Path (CVE-2026-26080)
github.com · 2026-05-07

# SQL Injection in FilterEngine Oracle JSON Path via DID Search API ## Vulnerability Overview - **Vulnerability Type**: SQL Injection (CWE-89) - **CVSS Score**: 9.9/10 - **Description**: In `FilterEng…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
