
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Open5GS PCO Parsing Assert Failure Causes SMF Crash Fix
github.com · 2026-05-01

# Vulnerability Summary ## Vulnerability Overview A robustness issue exists in the parsing and construction of Protocol Configuration Options (PCO) within the Open5GS system. When PCO data is malforme…

libsndfile CVE-2026-37555 Integer Overflow Vulnerability and POC
gist.github.com · 2026-05-01

### Vulnerability Overview - **CVE ID**: CVE-2026-37555 - **Affected Versions**: libsndfile ≤ 1.2.2 (latest release) - **Vulnerability Type**: CWE-190 (Integer Overflow or Wraparound) - **CVSS Score**…

CVSS 6.5
Chartbrew Unauthorized Account Registration Bypassing signupRestricted
github.com · 2026-05-01

# Unauthorized Account Registration Vulnerability Summary for Chartbrew ## Vulnerability Overview The `POST /user/invited` endpoint in Chartbrew does not validate invitation tokens, authentication hea…

CVSS 8.1
Chartbrew v5 Access Control & Data Exposure Fixes
github.com · 2026-05-01

### Vulnerability Overview - **Vulnerability Name**: Not explicitly specified; however, it involves multiple security-related improvements and fixes. - **Vulnerability Description**: - **Invitation To…

Elixir Hex Package Manager CVE-2026-32148 Checksum Bypass Vulnerability Analysis
github.com · 2026-05-01

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-32148 - **Vulnerability Description**: Due to a type mismatch in the `mix.lock` file, checksum verification is silent…

Hex Package Manager CVE-2026-32148 Dependency Integrity Bypass via Checksum Validation Failure
cna.erlef.org · 2026-05-01

# Vulnerability Summary: CVE-2026-32148 ## Vulnerability Overview **Title**: Lockfile checksums not verified in Hex allows dependency integrity bypass **ID**: CVE-2026-32148 **CVSS Score**: 8.9 (High)…

hexpm/hex Insufficient Verification of Data Authenticity Vulnerability (CVE-2026-32148)
osv.dev · 2026-05-01

# EEF-CVE-2026-32148 Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) - …

CVSS 7.5
chartbrew Missing Authorization Vulnerability (CVE-2026-40601) with PoC
github.com · 2026-05-01

# Vulnerability Summary: Missing Authorization in chartbrew ## Vulnerability Overview **Vulnerability Name**: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle **CVE ID…

CVSS 6.5
chartbrew Horizontal Privilege Escalation Vulnerability and PoC
github.com · 2026-05-01

# Vulnerability Summary: Unauthorized Access to Project Dashboard Data in Chartbrew ## Vulnerability Overview In the `chartbrew` project, there is a legacy dashboard route located at `/api/project/das…

CVSS 7.5
chartbrew Public Chart Access Control Bypass Vulnerability Analysis
github.com · 2026-05-01

# Vulnerability Summary: Missing Access Control on Public Chart Retrieval and Export Routes in Chartbrew ## Vulnerability Overview In the `chartbrew` project, public chart retrieval and export routes …

Shopizer Stored XSS Vulnerability Analysis and POC
github.com · 2026-05-01

# Vulnerability Summary: Stored XSS in Shopizer ## Vulnerability Overview Shopizer contains multiple REST API endpoints (such as `PUT /api/v1/private/category/{id}`, `POST /api/v1/auth/products/{id}/r…

CVSS 8.1
Chartbrew BOLA in dataset and dataRequest routes
github.com · 2026-05-01

# Vulnerability Summary: Improper Access Control in `dataset` and `dataRequest` Routes ## Vulnerability Overview Chartbrew exposes multiple endpoints in the `dataset` and `dataRequest` routes that aut…

CVSS 8.1
Chartbrew v4.9.0 Insecure Direct Object Reference in SharePolicy Route
github.com · 2026-05-01

# Vulnerability Summary: Access Control Error in Chartbrew Project Sharing Policy Routing ## Vulnerability Overview Chartbrew allows authenticated users to update or delete `SharePolicy` records belon…

JeecgBoot Stored XSS in /a/msg/msgInner/save Interface with POC
github.com · 2026-05-01

# Vulnerability Summary: Stored XSS in JeecgBoot Message Content ## Vulnerability Overview A stored Cross-Site Scripting (XSS) vulnerability exists in the `msgContent` parameter of the JeecgBoot `/a/m…

SpringBlade Stored XSS via XssHtmlFilter Bypass using JSON Unicode
github.com · 2026-05-01

# Vulnerability Summary: Stored XSS via XssHtmlFilter Bypass #38 ## Vulnerability Overview The `/api/blade-desk/notice/submit` endpoint in SpringBlade is vulnerable to Stored Cross-Site Scripting (XSS…

Shopizer Path Traversal to RCE via /api/v1/private/content/images/add
github.com · 2026-05-01

# Vulnerability Summary ## Vulnerability Overview The Shopizer e-commerce platform's `/api/v1/private/content/images/add` API endpoint contains a path traversal vulnerability, which can lead to arbitr…

SpringBlade blade-report XXE Vulnerability Analysis
github.com · 2026-05-01

# SpringBlade XXE Vulnerability Summary ## Vulnerability Overview The `blade-report` module of SpringBlade (integrated with UReport2) contains an XML External Entity (XXE) injection vulnerability. Att…

JeecgBoot File Upload Path Traversal Vulnerability Analysis
github.com · 2026-05-01

# Vulnerability Summary: JeecgBoot File Upload Path Traversal Vulnerability ## Vulnerability Overview In the `/a/file/upload` endpoint of JeecgBoot, the `fileEntityId` parameter is vulnerable to path …

CVSS 6.5
GnuTLS X.509 nameConstraints Case-Sensitive Bypass via DNS/Email Subtrees
gitlab.com · 2026-05-01

# [Moderate] gnutls x509 nameconstraints: excluded dns/email subtree bypass via case-sensitive comparison (security report) ## Vulnerability Overview GnuTLS uses **case-sensitive** matching when compa…

CVSS 3.7
GnuTLS OCSP Stapling Bypass: Accepting Revoked Certs via Crafted Response (CVE-2026-3832)
bugzilla.redhat.com · 2026-05-01

# Bug 2445762 (CVE-2026-3832) - gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response ## Vulnerability Overview gnutls matches stapled OCSP responses to th…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
