Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 3.7
TREKTECH TEW-821DAP Firmware Integrity Verification Bypass via CRC32
github.com · 2026-05-02

# Firmware Integrity Vulnerability Summary ## Vulnerability Overview During the firmware update process, there is a firmware integrity verification vulnerability. Specifically located in the `platform…

CVSS 5.5
Trendnet TEW-821DAP Firmware Update Command Injection Vulnerability with POC
github.com · 2026-05-02

# Trendnet TEW-821DAP Command Injection Vulnerability During Firmware Update Process ## Vulnerability Overview During the firmware update process, the `tools_diagnostic()` function contains a command …

CVSS 6.3
Trendnet TEW-821DAP Firmware Update Command Injection Vulnerability with POC
github.com · 2026-05-02

# Trendnet TEW-821DAP Command Injection Vulnerability During Firmware Update Process ## Vulnerability Overview During the firmware update process, the `tools_diagnostic` function of Trendnet TEW-821DA…

CVSS 6.1
RHSA-2026:11511: Red Hat Multicluster Engine Assisted Installer Container Update (CVE-2026-7163)
access.redhat.com · 2026-05-02

# RHSA-2026:11511 - Security Advisory ## Vulnerability Overview * **Vulnerability ID**: CVE-2026-7163 * **Type/Severity**: Security Advisory: Important * **Publication Date**: 2026-04-29 * **Update Da…

CVSS 6.1
Red Hat RHSA-2026:11512 Security Advisory for MCE 2.710 (CVE-2026-7163, CVE-2026-34986)
access.redhat.com · 2026-05-02

### Vulnerability Overview - **Vulnerability ID**: RHSA-2026:11512 - **Publication Date**: 2026-04-29 - **Update Date**: 2026-04-30 - **Type/Severity**: Security Advisory, Important ### Impact Scope -…

CVSS 3.7
Trendnet TEW-821DAP Firmware Update Authentication Bypass Vulnerability Analysis
github.com · 2026-05-02

# Vulnerability Summary: Firmware Authentication Vulnerability in Trendnet TEW-821DAP Firmware Update Process ## Vulnerability Overview A firmware authentication vulnerability exists during the firmwa…

CVSS 6.3
JeecgBoot SSRF in uploadImgByHttp Endpoint (Pre-Auth)
github.com · 2026-05-02

# [Security] Direct SSRF via uploadImgByHttp Endpoint in jeecgboot_JeecgBoot #9555 ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadI…

CVSS 6.3
JeecgBoot SSRF Vulnerability Analysis: /sys/common/uploadImgByHttp Endpoint
github.com · 2026-05-02

# Vulnerability Summary: Direct SSRF Vulnerability in JeecgBoot ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadImgByHttp` interfac…

CVSS 6.3
Second-Order SSRF in JeecgBoot Announcement Download
github.com · 2026-05-02

# [Security] Second-Order SSRF in jeecgboot_JeecgBoot #9553 ## Vulnerability Overview A second-order Server-Side Request Forgery (SSRF) vulnerability exists in the announcement file download functiona…

CVSS 6.3
Second-Order SSRF in JeecgBoot OpenApi Service
github.com · 2026-05-02

# [Security] Second-Order SSRF via OpenApi Service in jeecgboot_JeecgBoot #9554 ## Vulnerability Overview This is a **Second-Order Server-Side Request Forgery (Second-Order SSRF)** vulnerability existin…

CVSS 6.3
Second-Order SSRF in JeecgBoot Announcement Download
github.com · 2026-05-02

# [Security] Second-Order SSRF in jeecgboot_JeecgBoot #9553 ## Vulnerability Overview A **second-order Server-Side Request Forgery (SSRF)** vulnerability exists in the announcement file download feature…

CVSS 6.3
Second-Order SSRF in JeecgBoot OpenApi Service
github.com · 2026-05-02

# [Security] Second-Order SSRF via OpenApi Service in jeecgboot_JeecgBoot #9554 ## Vulnerability Overview A second-order Server-Side Request Forgery (SSRF) vulnerability has been discovered in the OpenA…

CVSS 6.3
JeecgBoot Reflection RCE: Unauthenticated Rule Modification Leads to Arbitrary Code Execution
github.com · 2026-05-02

# Vulnerability Summary: jeecboot_JeecBoot Insecure Reflection Leads to Remote Code Execution ## Vulnerability Overview In the `jeecboot_JeecBoot` system, the `FillRuleUtil` component has a **second-o…

CVSS 6.3
JeecgBoot Second-Order RCE via Unsafe Reflection in FillRuleUtil
github.com · 2026-05-02

# JeecgBoot Remote Code Execution Vulnerability Summary ## Vulnerability Overview JeecgBoot has a **second-order remote code execution (RCE)** vulnerability. The vulnerability stems from an insecure r…

CVSS 6.4
Simple Link Directory SQL Injection Vulnerability Analysis
wordpress.org · 2026-05-02

# Vulnerability Summary ## Overview The Simple Link Directory plugin has an **SQL injection vulnerability**. Attackers can inject SQL code into database queries by crafting malicious parameters (e.g.,…

CVSS 6.4
maxi-blocks XSS Vulnerability Fix Analysis
github.com · 2026-05-02

# Vulnerability Summary ## Overview - **Vulnerability Type**: Cross-Site Scripting (XSS) - **Description**: In the `maxi-blocks` plugin, the `sc_string` function does not properly escape user input, a…

CVSS 4.3
Open5GS AMF Remote Denial of Service via Reachable Assertion in build_json
github.com · 2026-05-02

# Vulnerability Summary ## Vulnerability Overview - **Title**: [Bug]: Reachable assertion in message.c:build_json allows remote Denial of Service of AMF #4321 - **Status**: Closed - **Reporter**: ljun…

CVSS 4.3
Open5GS AMF Invalid 5G Registration Type Handling Flaw and Fix
github.com · 2026-05-02

### Vulnerability Overview This vulnerability involves the AMF (Access and Mobility Management Function) failing to properly handle invalid `registration_type` values when a UE (User Equipment) sends …

CVSS 9.6
ArgoCD ServerSideDiff Secret Extraction Vulnerability (CVSS 9.6)
github.com · 2026-05-02

# Kubernetes Secret Extraction via ArgoCD ServerSideDiff ## Vulnerability Overview The `ServerSideDiff` endpoint in ArgoCD suffers from missing authorization and data masking vulnerabilities. Attacker…

CVSS 5.3
Total Upkeep <=1.17.1 WordPress Plugin Unauthenticated Rollback Cancellation Vulnerability
www.wordfence.com · 2026-05-02

# Total Upkeep <= 1.17.1 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Missing Authorization to Unauthenticated Rollback Cancellation * **CVSS Score**: 5.3 * **Description*…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
