Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
Cisco ISE Authentication Bypass and Info Disclosure Vulnerabilities (CVE-2026-20195/20193)
sec.cloudapps.cisco.com · 2026-05-07

# Cisco Identity Services Engine (ISE) Authentication Bypass Vulnerability Summary ## Vulnerability Overview Cisco Identity Services Engine (ISE) contains multiple vulnerabilities that allow remote at…

CVSS 8.8
Cisco Unity Connection RCE and SSRF Vulnerabilities (CVE-2026-20034/2026-20035) Advisory
sec.cloudapps.cisco.com · 2026-05-07

# Summary of Remote Code Execution and Server-Side Request Forgery Vulnerabilities in Cisco Unity Connection ## Vulnerability Overview Cisco Unity Connection contains multiple vulnerabilities that all…

CVSS 7.5
Cisco CNC/NSO CVE-2026-20188 Connection Exhaustion DoS Advisory
sec.cloudapps.cisco.com · 2026-05-07

# Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability ## Vulnerability Overview - **Vulnerability Name**: Cisco Crosswork N…

CVSS 7.7
Cisco SG350/SG350X SNMP DoS Vulnerability Advisory (cisco-sa-sg350-snmp-dos-0EF2ZT)
sec.cloudapps.cisco.com · 2026-05-07

### Vulnerability Overview - **Vulnerability Name**: Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability - **Vulnerability ID**: cisco-sa-sg350-snmp-dos-0EF2ZT - **Rele…

CVSS 8.8
Minotol Agent Path Traversal Fix and POC Analysis
github.com · 2026-05-07

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Path Traversal / Directory Traversal - **Affected Components**: `host-core.ts` and `session-manager.ts` modules of the Minot…

gopls Debug Flags RCE Vulnerability (CVE-2026-42503)
go.dev · 2026-05-07

### Vulnerability Overview - **Vulnerability ID**: #79211 - **Description**: The `-port` and `-listen` flags in `golang/go` facilitate binding to `0.0.0.0` and allow remote code execution (RCE). - **C…

CVSS 8.8
NanoClaw Container Path Traversal Fix: Host File Read/Delete Prevention
github.com · 2026-05-07

# [security] fix(container): prevent host file read/delete via container-controlled outbox paths #2001 ## Vulnerability Overview This PR addresses a boundary issue between the host and container file …

CVSS 6.2
QEMU e1000 Stack-buffer-overflow in e1000_receive_iov with POC
gitlab.com · 2026-05-07

# Vulnerability Overview - **Vulnerability Name**: Stack-buffer-overflow in e1000: e1000_receive_iov - **Status**: Done - **Created**: 9 months ago - **Author**: Alexander Bulekov - **Tags**: Auto Tra…

CVSS 5.3
FFmpeg ALS Decoder NULL Pointer Dereference Fix
github.com · 2026-05-07

# FFmpeg Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: NULL pointer dereference - **Vulnerable File**: `libavcodec/alsdec.c` - **Trigger Condition**: Failure to check the r…

CVSS 3.1
libssh KEX Memory Leak DoS Vulnerability (CVE-2025-8277)
www.libssh.org · 2026-05-07

# Vulnerability Summary: libssh Memory Leak and Denial of Service Vulnerability ## Vulnerability Overview - **CVE ID**: CVE-2025-8277 - **Vulnerability Type**: Memory Leak - **Severity**: CVSSv3 3.1 (…

CVSS 4.3
Flowise IDOR Vulnerability: Unauthorized Access to User/Workspace Endpoints with POC
gist.github.com · 2026-05-06

# Vulnerability Summary: Flowise IDOR Vulnerability ## Vulnerability Overview **Title**: Flowise user, organization user, and workspace user read endpoints lack authorization checks, allowing cross-te…

CVSS 3.7
Flowise Unauthenticated Credential Hash Exposure via /api/v1/account/verify
gist.github.com · 2026-05-06

# Vulnerability Summary: Unauthenticated Credential Hash Exposure ## Vulnerability Overview **Title**: Unauthenticated Credential Hash Exposure via Account Verification Endpoint (Incomplete Fix for #5…

Qt QSvgMarker Bad-cast Vulnerability (UBSAN)
issues.oss-fuzz.com · 2026-05-06

# OSS Fuzz Vulnerability Report Summary ## Vulnerability Overview - **Title**: `qtbase_gui_image_qimage_loadfromdata: Bad-cast to QSvgMarker from QSvgLine in QSvgMarker::drawHelper` - **Project**: Qt …

CVSS 3.7
FlowiseAI Credential Exposure: /api/v1/account/login exposes Bcrypt password hashes
gist.github.com · 2026-05-06

# Vulnerability Summary: FlowiseAI Credential Leakage Vulnerability ## Vulnerability Overview **Title**: Bcrypt Password Hash Exposure via `/api/v1/account/login` and `/api/v1/account/invite` Endpoint…

CVSS 3.5
FastBee Stored XSS in Notice Module (SysNoticeController)
fx4tqqfvdw4.feishu.cn · 2026-05-03

# FastBee System Announcement Stored XSS Vulnerability Summary ## Vulnerability Overview The announcement module of the FastBee system contains a stored cross-site scripting (Stored XSS) vulnerability…

CVSS 7.3
yudao-cloud OAuth2 Token Authentication Bypass Vulnerability Analysis
github.com · 2026-05-03

# CVE Report Summary: yudao-cloud OAuth2 Token Authentication Bypass ## Vulnerability Overview * **Vulnerability Title**: [High] yudao-cloud OAuth2 Token Authentication Bypass * **CVE ID**: CVE-287 (C…

CVSS 6.3
yudao-cloud GoView SQL Injection Vulnerability (CVE) and PoC
github.com · 2026-05-03

# CVE Report: yudao-cloud GoView SQL Injection Vulnerability #2 ## Vulnerability Overview * **Vulnerability Title**: [High] yudao-cloud GoView SQL Injection * **Vulnerability Type**: SQL Injection (CW…

CVSS 8.8
Widget Options Authenticated RCE via Display Logic (<=4.2.2/5.3.2)
www.wordfence.com · 2026-05-03

# Vulnerability Summary ## Overview * **Vulnerability Name**: Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic * **Vulnerability Type**: Remote Code Execu…

CVSS 5.4
CVE-2024-1771: Authenticated Stored XSS in WordPress Total Theme
www.wordfence.com · 2026-05-03

### Vulnerability Overview - **Vulnerability Name**: Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute - **Description**: The…

CVSS 8.8
Router generate_conf_router Stack Overflow Vulnerability and RCE POC
github.com · 2026-05-03

### Vulnerability Overview This vulnerability involves a stack overflow issue in the `generate_conf_router` function, which may lead to arbitrary command execution. Specifically, the `Channel` variabl…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
