Security Intel Hub 24869+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 8.8
Router VPN Module Stack Overflow Vulnerability Analysis
github.com · 2026-05-03

### Vulnerability Overview This vulnerability involves a stack overflow in the `resolv_vpn_server` function, which may lead to arbitrary command execution. Specifically, the `vpn_pptp_server` variable…

Starlet HTTP Smuggling Vulnerability Fix and POC
github.com · 2026-05-03

### Vulnerability Overview This vulnerability involves HTTP Smuggling, specifically manifesting as an issue where the server may fail to correctly parse requests containing multiple `Transfer-Encoding…

Premium intel
CVSS 7.3
Jinhe OA SQL Injection Vulnerability Report (Pre-Auth)
github.com · 2026-05-03

# Jinhe OA SQL Injection Vulnerability Report #1 ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: Jinhe OA (Jsoft OA) * **Affected Component**: `C:\Jsoft.Web.P…

Premium intel
CVSS 7.3
MikroTik RouterOS SCEP Out-of-Bounds Read Vulnerability Analysis and Fix
github.com · 2026-05-03

### Vulnerability Overview **Title:** MikroTik RouterOS 6.49.8 Out-of-Bounds Read (nova/lib/www/scep.p) #4 **Type:** Out-of-Bounds Read (CWE-125), Improper Handling of Length Parameter Inconsistencies…

CVSS 7.3
Online Hospital Management System Pre-Auth SQL Injection in viewappointment.php
github.com · 2026-05-03

# Vulnerability Summary: Online Hospital Management System SQL Injection Vulnerability ## Vulnerability Overview An unrestricted SQL injection vulnerability exists in the `viewappointment.php` file of…

CVSS 7.3
NextChat Unauthenticated RCE via MCP Server Action with POC
github.com · 2026-05-03

### Vulnerability Overview **Title:** CVE Report: Unauthenticated Remote Code Execution via MCP Server Action in NextChat **Severity:** 9.8 (Critical) **Vulnerability Type:** Unauthenticated Remote Co…

CVSS 4.3
NextChat Permissive CORS Policy Leading to SSRF and Sensitive Data Leakage
github.com · 2026-05-03

### Vulnerability Overview **Title:** Permissive CORS Wildcard Policy on All API Endpoints Enabling Cross-Origin Exploitation (CVE Report: Permissive CORS Wildcard Policy on All API Endpoints Enabling…

Premium intel
CVSS 6.5
sublinear-time-solver MCP Arbitrary File Write Vulnerability (CVE-73)
github.com · 2026-05-03

# Vulnerability Report Summary: Arbitrary File Write Vulnerability in sublinear-time-solver ## Vulnerability Overview An arbitrary file write vulnerability (CVE-73) was discovered in the `consciousnes…

CVSS 6.3
Command Injection in mcp-server-rijksmuseum (CVE-78)
github.com · 2026-05-03

# Vulnerability Report Summary: Command Injection in mcp-server-rijksmuseum ## Vulnerability Overview A command injection vulnerability (CVE-78) was discovered in `mcp-server-rijksmuseum` version 1.0.…

CVSS 6.3
website-downloader 0.1.0 Command Injection Vulnerability Analysis
github.com · 2026-05-02

### Vulnerability Overview **Vulnerability Name**: Command Injection Vulnerability in website-downloader **CVE ID**: CWE-78 (Improper Neutralization of Special Elements used in an OS Command) **Descri…

CVSS 6.5
TOTOLINK N300RH V4 Unauthenticated Arbitrary File Deletion Vulnerability (CWE-73)
github.com · 2026-05-02

# TOTOLINK N300RH V4 Router Arbitrary File Deletion Vulnerability (CVE-73) ## Vulnerability Overview The web management interface of the TOTOLINK N300RH V4 wireless router contains an **External Contr…

CVSS 5.4
Online Hospital Management System Unauth Privilege Escalation via Password Overwrite
github.com · 2026-05-02

### Vulnerability Overview This vulnerability is an **unauthorized administrator privilege escalation** flaw located in the `patient.php` file of the Online Hospital Management System. When an attacke…

CVSS 6.3
Command Injection in website-downloader 0.1.0 (CWE-78)
github.com · 2026-05-02

### Vulnerability Overview **Vulnerability Name**: Command Injection Vulnerability in website-downloader **CVE ID**: CWE-78 (Improper Neutralization of Special Elements used in an OS Command) **Descri…

Premium intel
CVSS 7.3
InnoShop Pre-Auth Install Module Overwrite Leads to Full System Takeover
github.com · 2026-05-02

### Vulnerability Overview **Title**: [Security] Pre-auth Application Reinstall leads to full system takeover #314 **Description**: The installation module (`innopacks/install`) of InnoShop contains a…

Premium intel
CVSS 7.3
InnoShop Pre-Auth Install Module Override Leads to Full System Takeover
github.com · 2026-05-02

### Vulnerability Overview **Title**: [Security] Pre-auth Application Reinstall leads to full system takeover #314 **Type**: Critical pre-authentication vulnerability **Description**: The installation…

CVSS 6.3
Command Injection Fix in MCP Server mcp-code-review-server (exec to execFile)
github.com · 2026-05-02

### Vulnerability Overview - **Vulnerability Type**: Command Injection - **Trigger Condition**: User-controlled input is concatenated into a command string and executed via the shell - **Root Cause**:…

Premium intel
CVSS 7.1
WordPress PMPro Plugin Stripe Webhook Unauthenticated Access Fix
github.com · 2026-05-02

# Vulnerability Summary ## Overview This vulnerability involves missing authentication and nonce checks in the Stripe webhook AJAX handler. An attacker may forge requests to bypass authentication and …

CVSS 6.3
Arbitrary File Write Vulnerability in mcp-mt4-server (CWE-73) Analysis and Fix
github.com · 2026-05-02

# Vulnerability Summary: Arbitrary File Write Vulnerability in mcp-mt4-server ## 1. Vulnerability Overview * **Vulnerability Name**: Arbitrary File Write Vulnerability in mcp-mt4-server (CVE-73) * **V…

CVSS 4.7
Authenticated SQL Injection in Courier Management System V1.0
github.com · 2026-05-02

# Vulnerability Summary: itsourcecode Courier Management System V1.0 SQL Injection Vulnerability ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: Courier Manag…

CVSS 5.3
WordPress Plugin Amelia Unauthenticated Access Bypass (CVE-2026-40789) and Vulnerability Summary
www.wordfence.com · 2026-05-02

# Vulnerability Summary: Booking for Appointments and Events Calendar – Amelia Note: Specific POC or exploit code is not provided on the page.


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.