
Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Plack XSendfile Middleware Deprecation and X-Header Injection Risk
metacpan.org · 2026-04-30

This page describes a deprecation notice for the Perl middleware `Plack::Middleware::XSendfile`. This middleware is used to set the X-Sendfile or similar headers so t…

CVSS 8.8
UTT HiPER 1250GW Router Buffer Overflow in ConfigAdvideo Interface
github.com · 2026-04-30

The UTT HiPER 1250GW router has a critical buffer overflow vulnerability. An attacker can control the `Profile` parameter via the router's …

CVE-2025-61780: Rack x-sendfile Access Control Bypass and Info Disclosure
nvd.nist.gov · 2026-04-30

* **Vulnerability Name**: Rack::Sendfile Information Disclosure and Access Control Bypass
* **Vulnerability ID**: CVE-2025-61780
* **CV…

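The Plack and Rack entries above concern the same header contract: the front-end proxy announces, through request headers such as X-Sendfile-Type, which file-offload mechanism it supports, and the application answers with a response header (X-Sendfile, X-Accel-Redirect, X-Lighttpd-Send-File) naming a file for the proxy to serve directly. That negotiation is only safe if those request headers can come from the proxy alone; a client that is allowed to supply them controls what the middleware does. The guard below is an added example, not code from Plack, Rack or the CVE write-up: a WSGI middleware that drops (or, in strict mode, rejects) the X-Sendfile family of headers on inbound requests. The header list and the constructed hostile request are assumptions made for the demo.

```python
"""Strip X-Sendfile-family headers from inbound requests before an app sees them.

Added example for the Plack::Middleware::XSendfile and Rack::Sendfile entries;
not code from either project. The header list and the WSGI shape are
assumptions. The point: these headers are a proxy-to-app / app-to-proxy signal
and must never be accepted from the client side.
"""

# WSGI environ keys for request headers a client might send to impersonate the
# proxy's sendfile negotiation. Constructed list (assumption).
CLIENT_FORBIDDEN = (
    "HTTP_X_SENDFILE",
    "HTTP_X_SENDFILE_TYPE",
    "HTTP_X_ACCEL_REDIRECT",
    "HTTP_X_ACCEL_MAPPING",
    "HTTP_X_LIGHTTPD_SEND_FILE",
)


def strip_sendfile_request_headers(environ):
    """Return (cleaned_environ, dropped_keys).

    dropped_keys lets the caller log the attempt: a browser never sends these,
    so their presence on a client request is itself a detection signal.
    """
    cleaned = dict(environ)
    dropped = [k for k in CLIENT_FORBIDDEN if k in cleaned]
    for k in dropped:
        del cleaned[k]
    return cleaned, dropped


class SendfileHeaderGuard:
    """WSGI middleware: drop inbound sendfile headers; with reject=True, fail
    closed with 400 instead of silently cleaning the request."""

    def __init__(self, app, reject=False):
        self.app = app
        self.reject = reject

    def __call__(self, environ, start_response):
        cleaned, dropped = strip_sendfile_request_headers(environ)
        if dropped and self.reject:
            body = b"forbidden request header\n"
            start_response("400 Bad Request",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return self.app(cleaned, start_response)


def demo_app(environ, start_response):
    """Constructed backend that reports which sendfile-related headers reached it."""
    seen = sorted(k for k in environ if k in CLIENT_FORBIDDEN)
    body = (",".join(seen) or "none").encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def run_request(app, environ):
    """Minimal WSGI driver for the demo; returns (status, body_bytes)."""
    box = {}

    def start_response(status, headers, exc_info=None):
        box["status"] = status

    body = b"".join(app(environ, start_response))
    return box["status"], body


# Constructed hostile request: the client supplies the proxy's headers itself.
HOSTILE_ENVIRON = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/download/report.pdf",
    "HTTP_HOST": "example.internal",
    "HTTP_X_SENDFILE_TYPE": "X-Accel-Redirect",
    "HTTP_X_ACCEL_REDIRECT": "/protected/../../etc/passwd",
}

if __name__ == "__main__":
    print("unguarded:", run_request(demo_app, HOSTILE_ENVIRON))
    print("cleaning: ", run_request(SendfileHeaderGuard(demo_app), HOSTILE_ENVIRON))
    print("rejecting:", run_request(SendfileHeaderGuard(demo_app, reject=True), HOSTILE_ENVIRON))
```

In production the same stripping belongs at the reverse proxy (the proxy should set X-Sendfile-Type itself and overwrite whatever the client sent); the application-side guard is defence in depth for deployments where the proxy configuration cannot be trusted.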
CVSS 7.3
OS Command Injection in xcode-mcp-server (CWE-78) with POC and Fix
github.com · 2026-04-30

An OS command injection vulnerability (CWE-78) exists in the `build_project` and `run_…

CVSS 8.8
UTT HiPER 1250GW Router Buffer Overflow Vulnerability with POC
github.com · 2026-04-30

The UTT HiPER 1250GW router has a serious buffer overflow vulnerability. An attacker can control the `Profile`…

CVSS 7.3
OS Command Injection Vulnerability in xcode-mcp-server (CWE-78)
github.com · 2026-04-30

- **Vulnerability Type**: OS Command Injection (CWE-78)
- **Affected Components**: `build_project` and `run_tests` to…

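The two xcode-mcp-server entries above describe CWE-78 in tools that wrap a build command. The shape that produces it is always the same: a tool argument (a scheme or target name) is interpolated into a command string that is handed to a shell. Below is an added example, not xcode-mcp-server's code (its language is not stated on this page, so Python is used): the vulnerable shape beside a hardened one that validates the argument and passes an argv list with no shell. The tool name defaults to `xcodebuild`, but the demo runs it as `echo` so it works on any POSIX machine; the allow-list pattern for scheme names is an assumption.

```python
"""Command injection in a build-tool wrapper: vulnerable shape and hardened shape.

Added example for the xcode-mcp-server entries; not that project's code.
tool defaults to xcodebuild, the demo passes "echo" so it runs anywhere.
"""
import re
import subprocess

# Assumption: scheme names are plain identifiers. A leading '-' is refused as
# well, so a value can never turn into an extra option (argument injection),
# which shell=False alone does not prevent.
SAFE_SCHEME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")


def run_build_vulnerable(scheme, tool="xcodebuild"):
    """CWE-78 shape: user input interpolated into a string handed to the shell.
    scheme="App; echo INJECTED" runs a second command."""
    cmd = f"{tool} -scheme {scheme} build"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def validate_scheme(scheme):
    """Allow-list validation; raises ValueError on anything unexpected."""
    if not SAFE_SCHEME.match(scheme):
        raise ValueError(f"refusing scheme {scheme!r}")
    return scheme


def is_rejected(scheme):
    """True if validate_scheme refuses the value."""
    try:
        validate_scheme(scheme)
    except ValueError:
        return True
    return False


def run_build_hardened(scheme, tool="xcodebuild"):
    """Validate first, then pass an argv list with shell=False: with no shell,
    ';', '$(...)', '|' and friends are ordinary characters in one argument."""
    argv = [tool, "-scheme", validate_scheme(scheme), "build"]
    return subprocess.run(argv, capture_output=True, text=True)


def injection_succeeded(output):
    """True if the marker printed by the injected command shows up in stdout."""
    return "INJECTED" in output


if __name__ == "__main__":
    payload = "App; echo INJECTED"          # constructed payload
    print(run_build_vulnerable(payload, tool="echo").stdout, end="")
    try:
        run_build_hardened(payload, tool="echo")
    except ValueError as exc:
        print("hardened:", exc)
    print(run_build_hardened("App", tool="echo").stdout, end="")
```

Validation is kept even though the argv form already defeats shell metacharacters: `run_tests`-style wrappers that accept test identifiers or paths usually forward them to a tool that parses its own options, so a value beginning with `-` must be refused regardless of how the process is spawned.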
CVSS 6.5
FreeRTOS-Plus-TCP Out-of-Bounds Read in IPv6 RA Parser (CVE-2026-7425)
github.com · 2026-04-30

- **Vulnerability Name**: Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP
- **Vulne…

CVSS 7.3
xhs-mcp 0.8.11 SSRF and Path Traversal Vulnerability Analysis
github.com · 2026-04-30

Two critical vulnerabilities were discovered in the `xhs_publish_content` feature of the `xhs-mcp` tool (version …

CVSS 7.3
xhs-mcp SSRF and Path Traversal Vulnerability Analysis with POC
github.com · 2026-04-30

* **Vulnerable Component**: The `xhs_publish_content` tool in the `xhs-mcp` project.
* **Vulnerability Types**: *…

CVSS 8.8
UTT HiPER 1250GW Router NTP Interface Buffer Overflow Vulnerability Analysis
github.com · 2026-04-30

The UTT HiPER 1250GW router contains a severe buffer overflow. An attacker ca…

CVSS 4.7
Pizzafy Ecommerce System 1.0 SQL Injection Vulnerability Analysis
github.com · 2026-04-30

* **Vulnerability Type**: Error-Based SQL Injection
* **Severity**: HIGH
* **Affected Endpoint**: `/pizzafy…

CVSS 4.7
Pizzafy Ecommerce 1.0 Admin SQL Injection Vulnerability Analysis
github.com · 2026-04-30

- **Vulnerability Type**: Error-Based SQL Injection
- **Severity**: High
- **Affected Endpoint**: `p…

CVSS 6.3
Pizzafy Ecommerce 1.0 SQL Injection Vulnerability and Fix
github.com · 2026-04-30

* **Vulnerability Type**: SQL Injection (Error-based)
* **Severity**: HIGH
* **Affected Endpoint**: `/pizza…

CVSS 4.7
Pizzafy Ecommerce 1.0 Admin SQL Injection via save_menu Endpoint
github.com · 2026-04-30

* **Vulnerability Type**: Error-based SQL Injection
* **Severity**: HIGH
* **Affected Endpoint**: `admin/aj…

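All four Pizzafy entries above report error-based SQL injection in admin endpoints, one of them the `save_menu` handler. The example below is added here and is not Pizzafy's code (the application's own language and schema are not shown on this page): a constructed `save_menu` handler against an in-memory SQLite table, in the vulnerable string-built form beside a parameterised form. It shows the two things that make the bug error-based: the database error text is returned to the caller, which confirms the sink with a single quote, and the same sink then accepts a payload that comments out the `WHERE` clause and rewrites every row.

```python
"""Error-based SQL injection in a 'save menu' handler: vulnerable and hardened.

Added example for the Pizzafy Ecommerce 1.0 entries; not Pizzafy's code. The
table, the handler name (borrowed from the save_menu endpoint in the entry
title) and the in-memory SQLite database are constructed for the demo.
"""
import sqlite3


def make_db():
    """Constructed menu table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO menu (name, price) VALUES (?, ?)",
        [("Margherita", 8.5), ("Diavola", 10.0), ("Quattro Formaggi", 11.0)],
    )
    conn.commit()
    return conn


def save_menu_vulnerable(conn, item_id, name):
    """String-built UPDATE. The engine's error text is echoed back to the caller,
    which is what makes this *error-based*: a lone quote returns a syntax error
    that confirms the injection point and leaks engine details."""
    sql = f"UPDATE menu SET name = '{name}' WHERE id = {item_id}"
    try:
        conn.execute(sql)
        conn.commit()
        return {"ok": True, "error": None}
    except sqlite3.Error as exc:
        return {"ok": False, "error": str(exc)}


def save_menu_hardened(conn, item_id, name):
    """Bound parameters plus input validation; database errors are not echoed."""
    if not isinstance(item_id, int) or item_id <= 0:
        raise ValueError("item_id must be a positive integer")
    if not 0 < len(name) <= 80:
        raise ValueError("name length out of range")
    try:
        conn.execute("UPDATE menu SET name = ? WHERE id = ?", (name, item_id))
        conn.commit()
    except sqlite3.Error:
        return {"ok": False, "error": "internal error"}  # detail goes to the server log
    return {"ok": True, "error": None}


def prices(conn):
    return [row[0] for row in conn.execute("SELECT price FROM menu ORDER BY id")]


def names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM menu ORDER BY id")]


# Constructed payloads: PROBE triggers the error that confirms the sink;
# TAKEOVER closes the string, adds a second assignment and comments out the
# original WHERE clause so every row is rewritten.
PROBE = "'"
TAKEOVER = "Free', price = 0 WHERE 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(save_menu_vulnerable(db, 1, PROBE))
    print(save_menu_vulnerable(db, 1, TAKEOVER), prices(db))
    db = make_db()
    print(save_menu_hardened(db, 1, TAKEOVER), prices(db), names(db)[0])
```

The hardened handler stores the takeover payload as a literal menu name, which is the correct outcome: the fix is binding, not blacklisting characters, and the input validation on `item_id` exists because numeric parameters interpolated without quotes are an equally common sink.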
CVSS 5.3
gel-mcp Arbitrary File Read via Path Traversal in fetch_rule (CVE-73)
github.com · 2026-04-30

**Vulnerability Name**: gel-mcp Arbitrary File Read via `fetch_rule` Path Traversal
**CVE ID**: CVE-73
**Vulnerabili…

CVSS 7.3
simpletool-server Path Traversal in delete_shared_prompt (CVE-73)
github.com · 2026-04-30

* **Vulnerability Type**: Path Traversal
* **Vulnerability ID**: #4
* **CNA/CVE ID**: CVE-73
* **Vulnerability Desc…

CVSS 4.8
wget2 Certificate Validation Flaw (CVE-2026-1858) Advisory and POC
www.tenable.com · 2026-04-30

Tenable Research identified a flaw in wget2's server certificate verification process. wget2 continues to a…

CVSS 7.3
filesystem-mcp-server Path Traversal Bypass Fix Analysis
github.com · 2026-04-30

This commit fixes an **`ALLOWED_PATHS` check bypass vulnerability** in the `filesystem-mcp-server` project. Attackers can bypass whitelist restriction…

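The gel-mcp `fetch_rule`, simpletool-server `delete_shared_prompt` and filesystem-mcp-server `ALLOWED_PATHS` entries above are all the same bug class: a tool takes a caller-supplied path, checks it against an allowed root, and the check can be talked past. The example below is added here and is not code from any of those projects; it exercises the three generic ways a string-prefix check fails (`..` traversal, a sibling directory that shares the prefix, a symlink pointing out of the root) against a check that canonicalises first and compares path components. Which of these shapes each project's actual bypass used is not stated on this page; the demo tree and probe paths are constructed.

```python
"""Allow-listed path checks: prefix-comparison bypasses and a check that holds.

Added example for the gel-mcp, simpletool-server and filesystem-mcp-server
path traversal entries; not code from any of those projects.
"""
import os
import shutil
import tempfile


def is_allowed_naive(candidate, allowed_roots):
    """The bypassable shape: string prefix test on the unresolved path."""
    return any(candidate.startswith(root) for root in allowed_roots)


def resolve_allowed(candidate, allowed_roots):
    """Return the canonical path if it lies under an allowed root, else None.

    realpath() collapses '..' and follows symlinks before the comparison;
    commonpath() compares whole components, so '/srv/data_backup' is not
    treated as inside '/srv/data'. Callers must then open the returned
    canonical path, never the original string.
    """
    real = os.path.realpath(candidate)
    for root in allowed_roots:
        real_root = os.path.realpath(root)
        try:
            if os.path.commonpath([real, real_root]) == real_root:
                return real
        except ValueError:  # paths on different drives (Windows)
            continue
    return None


def demo():
    """Build a throwaway tree and probe both checks.
    Returns {probe_name: (naive_allows, hardened_allows)}."""
    base = tempfile.mkdtemp(prefix="allowlist-demo-")
    try:
        data = os.path.join(base, "data")             # the single allowed root
        sibling = os.path.join(base, "data_backup")   # shares the string prefix
        os.makedirs(data)
        os.makedirs(sibling)
        secret = os.path.join(base, "secret.txt")     # constructed out-of-root file
        with open(secret, "w") as fh:
            fh.write("constructed secret\n")
        probes = {
            "traversal": os.path.join(data, "..", "secret.txt"),
            "sibling_prefix": os.path.join(sibling, "secret.txt"),
            "legit": os.path.join(data, "notes.txt"),
        }
        link = os.path.join(data, "escape")
        try:
            os.symlink(secret, link)                   # symlink inside root -> outside
            probes["symlink"] = link
        except OSError:
            pass                                       # no symlink privilege; skip probe
        return {
            name: (is_allowed_naive(path, [data]),
                   resolve_allowed(path, [data]) is not None)
            for name, path in probes.items()
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:15} naive={naive!s:5} hardened={hardened}")
```

One caveat the demo cannot show: canonicalise-then-open is still a TOCTOU window if the attacker can replace a component with a symlink between the check and the open; where that matters, open the root with `os.open` and use `dir_fd`-relative calls, or `os.open` the target with `O_NOFOLLOW` and re-verify via `os.fstat`.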
CVSS 8.8
Cockpit CMS Authenticated RCE via Collection Rules
gist.github.com · 2026-04-30

This is a design-level flaw rather than a standard logic error. The core of the vulnerability lies in Cockpit …

CVSS 4.3
CVE-2026-7401: Stored XSS in CET Automated Grading System
github.com · 2026-04-30

* **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS)
* **Vulnerability ID**: CVE-2026-7401
*…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
