Security Intel Hub 24810+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 8.8
BuddyPress Xprofile Custom Fields Type <=2.6.3 Path Traversal Arbitrary File Deletion
www.vulncheck.com · 2026-04-30

# Vulnerability Summary: BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution ## Overview - **Vulnerability Name**: BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution - *…

CVSS 8.4
AlloK Video Joiner 4.6.1217 Stack Buffer Overflow Vulnerability with POC
www.exploit-db.com · 2026-04-30

# Vulnerability Summary ## Overview - **Vulnerability Name**: AlloK Video Joiner 4.6.1217 - Stack-Based Buffer Overflow - **EDB-ID**: 44364 - **Publication Date**: 2018-03-30 - **Author**: Mohan Ravic…

Premium intel
CVSS 8.8
AgentFlow Web API Arbitrary Python File Execution Fix
github.com · 2026-04-30

# Vulnerability Summary: Hardening Web API Pipeline Loading and Request Validation ## Vulnerability Overview This vulnerability involves security boundary issues in the local Web UI/API control panel.…

CVSS 5.3
FreeRTOS-Plus-TCP ICMP Echo Reply Integer Underflow DoS Vulnerability
github.com · 2026-04-30

# FreeRTOS-Plus-TCP ICMP Echo Reply Integer Underflow Vulnerability ## Vulnerability Overview FreeRTOS-Plus-TCP is a lightweight TCP/IP protocol stack. This vulnerability exists in the ICMP and ICMPv6…

Premium intel
CVSS 8.8
Berabuddies Agentflow Web API Arbitrary File Load via pipeline_path
github.com · 2026-04-30

# Vulnerability Summary: Hardening Web API Pipeline Loading and Request Validation ## Vulnerability Overview The Web API in Berabuddies Agentflow contains a security configuration flaw. By default, th…

CVSS 4.4
NousResearch/hermes-agent macOS /etc Write Protection Bypass via Symlink
github.com · 2026-04-30

# Summary of macOS Sensitive Path Write Protection Bypass Vulnerability ## Vulnerability Overview * **Vulnerability ID**: #8734 * **Product Name**: NousResearch/hermes-agent * **Affected Version**: 0.…

CVSS 7.3
BioinfoMCP Arbitrary File Write Vulnerability (CWE-73) Analysis and Fix
github.com · 2026-04-30

# BioinfoMCP Arbitrary File Write Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: BioinfoMCP Arbitrary File Write via POST /upload #2 * **Vulnerability Type**: Arbitrary File…

CVSS 4.4
macOS Path Traversal Bypass Fix and POC in _check_sensitive_path
github.com · 2026-04-30

### Vulnerability Overview This vulnerability involves a path security bypass issue on macOS. Specifically, the `_check_sensitive_path()` function only checks the resolved path after `realpath()`, all…

CVSS 4.4
Fix for macOS file write path bypass via symlink in file_tools.py
github.com · 2026-04-30

# Vulnerability Summary ## Overview This vulnerability involves macOS systems where `/etc` is a symbolic link to `/private/etc`, causing certain tools (such as `file_tools`) to fail to correctly ident…

CVSS 6.5
Wazuh API Brute-Force Protection Race Condition Bypass (CVE-2026-26206)
github.com · 2026-04-30

# API Brute-Force Protection Bypass Vulnerability Summary ## Vulnerability Overview The Wazuh server's API brute-force protection mechanism contains a race condition vulnerability. Under concurrent re…

CVSS 6.5
Wazuh remoted Heap-based NULL WRITE Buffer Underflow Analysis
github.com · 2026-04-30

# Vulnerability Summary: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string() ## Vulnerability Overview - **Vulnerability Type**: Heap Overflow (Heap-based NULL WRITE Buffer Underf…

CVSS 4.4
AgentFlow Web API Default Arbitrary Local .py Execution via Pipeline Path
github.com · 2026-04-30

# Vulnerability Summary ## Overview The Web API of AgentFlow defaults to allowing pipeline files to be loaded via filesystem paths. This can lead to the execution of arbitrary local `.py` pipeline fil…

Premium intel
CVSS 6.5
Wazuh wazuh-remoted Pre-Auth Stack Buffer Overflow (CVE-2026-28221)
github.com · 2026-04-30

### Vulnerability Overview **Vulnerability Name**: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64 **Description**: - There is a stack-b…

Premium intel
CVSS 9.0
Wazuh Cluster Sync Path Traversal Vulnerability (CVE-2026-30893) with PoC
github.com · 2026-04-30

### Vulnerability Overview **Wazuh Cluster Synchronization Path Traversal Vulnerability** - **Vulnerability Description**: A path traversal vulnerability in the Wazuh cluster synchronization extractio…

DocsGPT MCP STDIO Config Unauthenticated RCE
github.com · 2026-04-30

# Vulnerability Summary: Unauthorized RCE in DocsGPT MCP STDIO Configuration ## Vulnerability Overview The MCP server configuration feature in DocsGPT contains an unauthorized Remote Code Execution (R…

CVSS 4.4
Wazuh Agent GetAlertData Heap-based NULL WRITE Buffer Underflow Analysis
github.com · 2026-04-30

# Vulnerability Summary: Heap-based NULL WRITE Buffer Underflow in GetAlertData ## Vulnerability Overview - **Type**: Heap-based NULL WRITE Buffer Underflow - **Triggering Function**: `GetAlertData` -…

CVSS 5.3
hermes-agent WeCom Adapter Arbitrary File Read Vulnerability (CWE-22)
github.com · 2026-04-30

# Vulnerability Summary: Arbitrary File Read Vulnerability in WeCom Adapter ## Vulnerability Overview - **Vulnerability ID**: #8733 - **Product Name**: hermes-agent - **Component**: gateway/platforms/…

Premium intel
CVSS 9.0
Wazuh v4.14.4 Security Bulletin: Heap Overflow, Race Condition, Path Handling Fixes
github.com · 2026-04-30

### Vulnerability Overview - **Wazuh v4.14.4** addresses multiple vulnerabilities, including heap buffer overflows, null pointer dereferences, and inconsistent timestamp formats. ### Affected Componen…

CVSS 4.7
SQL Injection in Pizzafy Ecommerce System (CVE-2026-7394) Analysis
github.com · 2026-04-30

# Vulnerability Summary: SQL Injection Vulnerability in Pizzafy Ecommerce System ## Vulnerability Overview * **Vulnerability Name**: SQL Injection in Pizzafy Ecommerce System — admin/view_order.php * …

CVSS 4.7
Pizzafy Ecommerce System 1.0 Unrestricted File Upload RCE (CVE-2026-7393)
github.com · 2026-04-30

# Pizzafy Ecommerce System 1.0 Remote Code Execution Vulnerability (CVE-2026-7393) ## Vulnerability Overview * **Vulnerability Type**: Unrestricted File Upload leading to Remote Code Execution (RCE). …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
