Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

JeecgBoot fileMd5 Path Traversal Vulnerability Analysis
github.com · 2026-05-01

# Vulnerability Summary: Path Traversal Vulnerability in fileMd5 Parameter ## Vulnerability Overview In the JeecgBoot `/a/file/upload` interface, when chunked upload is enabled (`file.chunked=true`), …

SpringBlade blade-report SSRF and RCE Vulnerability Analysis
github.com · 2026-05-01

# SpringBlade blade-report SSRF Vulnerability Summary ## Vulnerability Overview The `/ureport/datasource/testConnection` interface in the SpringBlade reporting module (`blade-report`) contains a criti…

CVSS 6.5
GnuTLS CVE-2026-3833: Policy bypass via case-sensitive nameConstraints comparison
bugzilla.redhat.com · 2026-05-01

# Bug 2445763 (CVE-2026-3833) - gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison ## Vulnerability Overview GnuTLS uses a case-insensitive `memcasecmp` path when comparing…

Mozilla Thunderbird 140.10.1 Security Advisory: Sandbox Escape and Memory Safety Fixes
www.mozilla.org · 2026-05-01

# Mozilla Foundation Security Advisory 2026-39 ## Vulnerability Overview Mozilla has fixed multiple security vulnerabilities in Thunderbird version 140.10.1, including information disclosure, sandbox …

Mozilla Thunderbird Security Advisory: Multiple Memory Safety Vulnerabilities Fixed (CVE-2026-7320/7322/7323/7324)
www.mozilla.org · 2026-05-01

# Mozilla Thunderbird Security Vulnerability Summary ## Vulnerability Overview The Mozilla Foundation released Security Advisory 2026-38, addressing multiple security vulnerabilities in Thunderbird 15…

CVSS 9.8
Weaver E-office10 Arbitrary File Upload Vulnerability
bbs.chaitin.cn · 2026-05-01

# Vulnerability Overview **Vulnerability Title**: [Vulnerability Pioneer] [OA Vulnerability] Weaver OA E-office10 Arbitrary File Upload **Vulnerability Description**: In Weaver OA E-office10, arbitrar…

CVSS 9.8
Weaver eOffice10 Front-end Arbitrary File Write Vulnerability POC
cn-sec.com · 2026-05-01

# Weaver eOffice10 Arbitrary File Write Vulnerability in the Frontend ## Vulnerability Overview The Weaver eOffice10 office platform contains an arbitrary file write vulnerability in the frontend. Att…

Halo SSRF Vulnerability: /apis/uc.api.storage.halo.run/v1alpha1/plugins/{name}/upgrade-from-uri
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Vulnerability Overview The `/apis/uc.api.storage.halo.run/v1alpha1/plugins/{name}/upgrade-from-uri` endpoint in Halo is vulnerable to Server-Side Request Forgery (…

CVSS 7.5
Weaver Ecology OA v10.57-10.79 Security Update Log: SQLi, XSS, Auth Bypass
www.weaver.com.cn · 2026-05-01

# Weaver Ecology Security Update Log Summary ## Vulnerability Overview The Weaver Ecology system (versions 10.57.1 - 10.79) contains multiple security vulnerabilities, primarily including SQL injectio…

CVSS 7.5
Apache ActiveMQ CVE-2023-46604 RCE Vulnerability Analysis and POC
www.cnvd.org.cn · 2026-05-01

# Vulnerability Summary ## Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) * **Root Cause*…

CVSS 9.8
Synology SMS Gateway 9-RADIUS.php Remote Command Execution Vulnerability
github.com · 2026-05-01

### Vulnerability Overview - **Vulnerability Name**: Synology SMS Gateway 9-RADIUS - Remote Command Execution - **Author**: Chenah - **Severity**: critical - **Description**: Synology SMS Gateway Mana…

CVSS 7.5
Weaver E-cology 9.5 Unauthenticated Arbitrary File Read Vulnerability
www.vulncheck.com · 2026-05-01

# Weaver E-cology 9.5 Unauthorized Arbitrary File Read Vulnerability ## Vulnerability Overview An unauthorized arbitrary file read vulnerability exists in Weaver (Fanwei) E-cology version 9.5. Attacke…

CVSS 7.5
CryptPad CVE-2025-51846 Unrestricted WebSocket Frame Flood DoS Analysis
github.com · 2026-05-01

# CVE-2025-51846 Vulnerability Summary ## Vulnerability Overview **CVE-2025-51846** is an **unrestricted WebSocket frame flooding attack** that can lead to a **remote Denial of Service (DoS)**. - **Se…

Halo Blog SSRF Vulnerability Analysis with POC
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Vulnerability Overview The `/apis/uc.api.storage.halo.run/v1alpha1/themes/{name}/upgrade-from-uri` endpoint of the Halo blog system has a Server-Side Request Forge…

Halo SSRF Vulnerability: Unvalidated URI in Plugin Install API Allows Internal Network Access
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Overview The `/apis/uc.api.storage.halo.run/v1alpha1/plugins/-/install-from-uri` endpoint in Halo has a Server-Side Request Forgery (SSRF) vulnerability. This flaw…

Krayin CRM v2.1.5 Authenticated RCE via File Upload (CVE-2026-36340)
github.com · 2026-05-01

# CVE-2026-36340 Vulnerability Summary ## Overview * **Vulnerability Name**: Krayin CRM v2.1.5 Remote Code Execution (RCE) Vulnerability * **CVE ID**: CVE-2026-36340 * **Severity**: Critical * **Affec…

Halo Blog SSRF Vulnerability Analysis (Pre-Auth/2.22.14)
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Vulnerability Overview The `/apis/uc.api.storage.halo.run/v1alpha1/themes/-/install-from-uri` endpoint of the Halo blog system has a Server-Side Request Forgery (S…

CVSS 9.8
Progress MOVEit Automation Critical Vulnerability Advisory (CVE-2026-4670/5174)
community.progress.com · 2026-05-01

# MOVEit Automation Critical Security Advisory (April 2026) ## Vulnerability Overview * **Vulnerability IDs**: CVE-2026-4670, CVE-2026-5174 * **Severity**: Critical * **Vulnerability Types**: * **CVE-2…

U-SPEED Router Firmware CVE-2026-36960 CSRF Vulnerability and POC
github.com · 2026-05-01

# CVE-2026-36960: Cross-Site Request Forgery (CSRF) Vulnerability in Web Management Interface ## Vulnerability Overview * **CVE ID**: CVE-2026-36960 * **CVSS Score**: 8.8 (High) * **Description**: The…

CVE-2026-36958: DoS Vulnerability in U-SPEED Router Firmware via Concurrent HTTP Requests with POC
github.com · 2026-05-01

# CVE-2026-36958: Denial of Service Vulnerability Caused by Concurrent HTTP Requests ## Vulnerability Overview * **CVE ID**: CVE-2026-36958 * **CVSS Score**: 7.5 (High) * **Vulnerability Type**: CWE-4…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
