Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Erlang Bandit CL.CL Request Smuggling Vulnerability (CVE-2026-39805) and PoC
github.com · 2026-05-02

# CL.CL Request Smuggling Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: CL.CL Request Smuggling (via un-rejected duplicate `Content-Length` header) - **CVE ID**: CVE-2026-3…

CVSS 7.3
Courier Management System V1.0 Unauthenticated SQL Injection in /edit_staff.php
github.com · 2026-05-02

# Vulnerability Summary: Courier Management System V1.0 SQL Injection Vulnerability ## Vulnerability Overview * **Vulnerability Type**: SQL Injection * **Affected Product**: Courier Management System …

CVE-2024-39807: Bandit Transport State Spoofing Vulnerability
github.com · 2026-05-02

### Vulnerability Overview **Title**: Bandit Trusts Client-Provided Scheme Over Plaintext Connection **Description**: Bandit reflects the client-provided URI scheme into `conn.scheme` without verifyin…

Bandit WebSocket permessage-deflate Unbounded Inflate Causes BEAM OOM
github.com · 2026-05-02

# Vulnerability Summary: Unbounded WebSocket inflate causes BEAM OOM with a single frame ## Vulnerability Overview When the Bandit server has `permessage-deflate` compression explicitly enabled (`comp…

Elixir bandit HTTP/2 DoS Vulnerability CVE-2026-42788
osv.dev · 2026-05-02

# Vulnerability Summary: EEF-CVE-2026-42788 ## Overview - **CVE ID**: CVE-2026-42788 - **CVSS Score**: 6.9 (Medium) - **Vulnerability Type**: Allocation of Resources Without Limits or Throttling - **D…

CVE-2026-42788: Bandit HTTP/2 Frame Size Check Bypass Leading to DoS
cna.erlef.org · 2026-05-02

# Vulnerability Summary: CVE-2026-42788 ## Overview - **Vulnerability Name**: HTTP/2 frame size limit checked after body is buffered in bandit - **CVE ID**: CVE-2026-42788 - **CVSS Score**: 6.9 (MEDIU…

CVE-2026-42786: Bandit WebSocket Fragment Reassembly Unbounded DoS
cna.erlef.org · 2026-05-02

# Vulnerability Summary: CVE-2026-42786 ## Overview * **Vulnerability Name**: WebSocket Fragmented Message Reassembly Unbounded (WebSocket fragmented message reassembly unbounded in bandit) * **CVE ID…

CVE-2026-39807: Bandit URI Scheme Trust Bypass Vulnerability
cna.erlef.org · 2026-05-02

# CVE-2026-39807: URI Scheme Provided by Bandit Client Trusted Without Transport Verification ## Vulnerability Overview In `mtrudel/bandit`, the `Elixir.Bandit.Pipeline.determine_scheme/2` function di…

CVE-2026-39805: Bandit HTTP Request Smuggling via Duplicate Content-Length
cna.erlef.org · 2026-05-02

# Vulnerability Summary: CVE-2026-39805 ## Vulnerability Overview **Title**: CL.CL HTTP Request Smuggling (via Duplicate Content-Length Header) **ID**: CVE-2026-39805 **CVSS Score**: 6.3 (MEDIUM) **CW…

Elixir Bandit Reliance on Untrusted Inputs Security Decision Bypass (CVE-2026-39807)
osv.dev · 2026-05-02

# Vulnerability Summary: EEF-CVE-2026-39807 ## Vulnerability Overview - **Vulnerability ID**: EEF-CVE-2026-39807 - **CVSS Score**: 6.3 (Medium) - **Vulnerability Type**: Reliance on Untrusted Inputs i…

Bandit HTTP Request Smuggling Vulnerability (CVE-2026-39805) Advisory
osv.dev · 2026-05-02

# EEF-CVE-2026-39805 Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: EEF-CVE-2026-39805 - **CVSS Score**: 6.3 (Medium) - **Publication Date**: 2026-05-01 - **Vulnerability Type…

Bandit WebSocket permessage-deflate DoS Vulnerability (CVE-2026-39804)
cna.erlef.org · 2026-05-02

### Vulnerability Overview - **CVE ID**: CVE-2026-39804 - **Vulnerability Name**: WebSocket permessage-deflate inflate has no output-size cap in bandit - **CVSS 4.0 Score**: 8.2 (HIGH) - **Vulnerabili…

Elixir bandit WebSocket permessage-deflate OOM Vulnerability (CVE-2026-39804)
osv.dev · 2026-05-02

# Vulnerability Summary: EEF-CVE-2026-39804 ## Overview - **Vulnerability Name**: WebSocket permessage-deflate inflate lacks output size limit - **Vulnerability Type**: Allocation of Resources Without…

CVSS 6.3
SQL Injection in astro-mcp-server (CVE-89) with POC
github.com · 2026-05-02

# SQL Injection Vulnerability Summary (astro-mcp-server) ## Vulnerability Overview * **Vulnerability Name**: SQL Injection Vulnerability in astro-mcp-server * **CVE ID**: CVE-89 (CWE-89: SQL Injection…

CVSS 5.3
Splunk MCP Integration CSV Export Path Traversal Vulnerability
github.com · 2026-05-02

# Summary of Arbitrary File Write Vulnerability in Splunk MCP Integration CSV Export ## Vulnerability Overview The CSV export service in Splunk MCP Integration contains a path traversal vulnerability.…

CVSS 7.3
Branch Monkey MCP Command Injection via /api/local-claude/time-machine/preview
github.com · 2026-05-02

# Vulnerability Summary: Branch Monkey Command Injection Vulnerability ## Overview * **Vulnerability Name**: Branch Monkey Command Injection via `/api/local-claude/time-machine/preview` * **Vulnerabil…

PassMark Driver CVE-2025-52347 Arbitrary Physical Memory Read via IOCTL
github.com · 2026-05-02

# CVE-2025-52347 Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2025-52347 * **Vulnerability Name**: Arbitrary Physical Memory Read via IOCTL 0x8011E044 * **Vulnerability …

CVSS 5.3
Path Traversal Vulnerability in coding-standards-mcp and Remediation
github.com · 2026-05-02

# Summary of Template Injection Vulnerability in coding-standard-mcp ## Vulnerability Overview In the `coding-standards-mcp` project, the `get_style_guide` tool contains a path traversal vulnerability…

Flipper Zero Firmware main Thread Stack Overflow Vulnerability (CVE-2026-30363)
github.com · 2026-05-02

### Vulnerability Overview - **Vulnerability Name**: Potential thread stack overflow in main #4332 - **Vulnerability Type**: Thread Stack Overflow - **Vulnerability Description**: In the `flipperzero-…

GSVoIP Web Panel Reflected XSS Vulnerability (CVE-2025-69606)
github.com · 2026-05-02

# CVE-2025-69606 — Reflected XSS Vulnerability in GSVoIP Web Panel ## Vulnerability Overview A reflected Cross-Site Scripting (XSS) vulnerability was identified in GSVoIP Web Panel (v2.0.90). The `msg…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
