Security Intel Hub 27403+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Avro Decoder CPU Exhaustion DoS Vulnerability in iskorotkov/avro v2
github.com · 2026-05-30

### Vulnerability Overview **Vulnerability Name**: CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration **Vulnerability Description**: - The Avro array and map decoders utilize attacker-…

Integer Overflow in Go Avro Decoder Leading to DoS
github.com · 2026-05-30

### Vulnerability Overview **Vulnerability Name**: Integer Overflow in Avro Decoder **Description**: - Multiple Avro decoder paths read controlled 64-bit values and cast them to platform-sized `int`s …

CVSS 7.5
FreeRDP RDPEAR NDR Parser UAF/Type Confusion Vulnerability
github.com · 2026-05-30

### Vulnerability Overview **Title**: FreeRDP RDPEAR NDR ref-id aliasing causes client-side UAF/double-free and type confusion **Description**: The FreeRDP RDPEAR NDR parser allows a non-empty NDR poi…

CVSS 4.5
libmng QUIC Dialer Type Confusion DoS Vulnerability with POC
github.com · 2026-05-30

### Vulnerability Overview **Vulnerability Name**: QUIC Dialer Close Type Confusion **Description**: During the QUIC dialing process, `ai->prov_data` is stored as `mni_quic_conn`, but it is read as `e…

CVSS 8.8
FreeRDP clipdr server heap-buffer-overflow via undersized capabilitySetLength with POC
github.com · 2026-05-30

### Vulnerability Overview **Vulnerability Name**: FreeRDP clipdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS **Description**: A malicious RDP client can trigger a h…

CVSS 4.5
NanoMQ 0.24.14 Patch: Fixes Pre-Auth Memory Corruption and MQTTv5 Parser Double Free/UAF Vulnerabilities
github.com · 2026-05-30

### Vulnerability Overview NanoMQ version 0.24.14 resolves several critical vulnerabilities, including memory safety issues and boundary check errors. These vulnerabilities could lead to program crash…

CVSS 7.7
FastGPT SSRF Bypass in Dataset Preview API via externalFile
github.com · 2026-05-30

### Vulnerability Overview **Title**: SSRF Protection Bypass via `externalFile` in Dataset Preview API **Description**: An unpatched Server-Side Request Forgery (SSRF) vulnerability allows authenticat…

CVSS 5.3
cpp-httplib DoS via Negative Chunk-Size in Transfer-Encoding (GHSA-h6wq-5mv-33q8)
github.com · 2026-05-30

# DoS: Negative chunk-size in chunked Transfer-Encoding ## Vulnerability Overview - **Vulnerability Name**: DoS: Negative chunk-size in chunked Transfer-Encoding - **Vulnerability ID**: GHSA-h6wq-5mv-…

Go golang.org/x/image/bmp Palette Index Out of Bounds Panic (CVE-2026-42500)
pkg.go.dev · 2026-05-30

### Vulnerability Overview - **Vulnerability ID**: GO-2026-5031 - **CVE ID**: CVE-2026-42500 - **Publication Date**: May 29, 2026 - **Description**: When decoding a palette-based BMP file, if the pale…

CVSS 9.8
Craft CMS Hidden Field Twig Template Injection Analysis
github.com · 2026-05-30

### Vulnerability Overview This vulnerability involves the evaluation of hidden fields and Twig templates in the `src/fields/formFields/Hidden.php` file. Specifically, the issue arises when a hidden f…

CVSS 3.3
Rizin rz tool search.in double-free vulnerability fix
github.com · 2026-05-30

### Vulnerability Overview This vulnerability involves a "double free" issue in the `rz` tool when handling invalid values. Specifically, when the `search.in` command receives invalid arguments, it ma…

CVSS 3.3
Rizin OMF Format Plugin OOB Read Vulnerability Fix
github.com · 2026-05-30

### Vulnerability Overview - **Vulnerability ID**: #6336 - **Vulnerability Type**: Out-of-Bounds Read (OOB) - **Description**: An out-of-bounds read error occurs in the OMF format plugin due to invali…

CVSS 3.3
rizin OMF Parser Heap-buffer-overflow Vulnerability (CVE-2024-45613) Advisory
github.com · 2026-05-30

### Vulnerability Overview - **Vulnerability Name**: Heap-buffer-overflow in OMF parser - **Description**: A heap buffer overflow vulnerability exists in `librz/bin/format/omf/omf.c`. - **Severity**: …

CVSS 3.3
Rizin Double Free Vulnerability in cmd_search.c (CVE-2026-4524) Advisory
github.com · 2026-05-30

### Vulnerability Overview - **Vulnerability Name**: Double free in cmd_search.c - **Vulnerability ID**: GHSA-2377-chx7-xf7c - **Severity**: Low (3.3 / 10) - **Publication Date**: 3 weeks ago - **Desc…

CVSS 8.8
Laravel MediaLibrary File Upload Bypass Fix via Multi-Extension Validation
github.com · 2026-05-30

### Vulnerability Overview This vulnerability involves insufficient validation of file extensions, which may lead to malicious file uploads. Specifically, the previous check only blocked filenames end…

CVSS 8.8
Laravel Media Library File Name Validation Bypass Fix and Security Analysis
github.com · 2026-05-30

### Vulnerability Overview This vulnerability addresses the reinforcement of filename validation against malicious extensions. Specifically, the `defaultSanitizer()` method in the `FileAdder` class ha…

TP-Link TL-SG108PE Stored XSS via Config Import Advisory
www.tp-link.com · 2026-05-30

### Vulnerability Overview - **Vulnerability Name**: Stored Cross-Site Scripting (XSS) via Configuration File Import - **Vulnerability Description**: An attacker can inject malicious scripts into the …

CVSS 8.3
Danelec MacGregor VDR G4e Default Credentials and Hardcoded CVEs (ICS Alert)
www.cisa.gov · 2026-05-30

### Vulnerability Overview - **Vulnerability Name**: MacGregor Voyage Data Recorder (VDR) G4e - **Publication Date**: May 28, 2026 - **Alert Code**: ICSA-26-148-01 - **CVSS Score**: 8.3 - **Vendor**: …

CVSS 8.3
CISA ICSA-26-148-01 Advisory: Critical Infrastructure Admin Access Vulnerability
github.com · 2026-05-30

### Vulnerability Overview - **Vulnerability Name**: ICSA-26-148-01 - **Description**: This vulnerability may allow attackers to gain administrator access, affecting critical infrastructure sectors. -…

CVSS 9.9
Shopper Admin RBAC Privilege Escalation via Auth Bypass (CVE-2025-47744)
github.com · 2026-05-30

### Vulnerability Overview **Title**: Authorization bypass and RBAC privilege escalation in team settings **Description**: Two distinct authorization flaws in team settings allow any authenticated das…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
