
Security Intel Hub 24809+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.4
Authenticated Stored XSS in WordPress Plugin IP2Location Country Blocker 2.26.7 with POC
www.exploit-db.com · 2026-05-10

# Stored Cross-Site Scripting (XSS) Vulnerability in IP2Location Country Blocker 2.26.7 for WordPress ## Vulnerability Overview This vulnerability exists in version **2.26.7** of the WordPress plugin …

CVSS 6.1
uBidAuction v2.0.1 Multiple Non-Persistent XSS Vulnerabilities with PoC
www.vulnerability-lab.com · 2026-05-10

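# uBidAuction v2.0.1 Multiple Non-Persistent XSS Vulnerabilities Summary ## Vulnerability Overview * **Vulnerability Name**: uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities * **Vulnerability Type**: Non-Persistent Cross-Site Scripting (Non-Persistent XSS) * **CVSS Score**: 5.4 * **Discovery Date**: 2022-01-21 * **Vulnerability Details*…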

CVSS 5.4
WordPress Plugin AAWP 3.16 Authenticated Reflected XSS Vulnerability with POC
www.exploit-db.com · 2026-05-10

# WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross-Site Scripting (XSS) (Authenticated) ## Vulnerability Overview This vulnerability exists in the WordPress plugin AAWP version 3.16. An attacker can…

CVSS 6.4
Stored XSS in WordPress Testimonial Slider and Showcase 2.2.6
www.exploit-db.com · 2026-05-10

# Stored Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin Testimonial Slider and Showcase 2.2.6 ## Vulnerability Overview A stored cross-site scripting (XSS) vulnerability exists in versio…

CVSS 6.1
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 Reflected XSS Vulnerability and POC
www.exploit-db.com · 2026-05-10

# WordPress Plugin "International Sms For Contact Form 7 Integration" V1.2 Cross-Site Scripting (XSS) Vulnerability ## Vulnerability Overview - **Vulnerability Type**: Cross-Site Scripting (XSS) - **E…

CVSS 6.2
WordPress cab-fare-calculator Plugin LFI Vulnerability
www.exploit-db.com · 2026-05-10

# Local File Inclusion Vulnerability in WordPress Plugin cab-fare-calculator 1.0.3 ## Vulnerability Overview - **Vulnerability Type**: Local File Inclusion (LFI) - **Affected Application**: WordPress …

CVSS 6.4
WordPress Plugin Videos sync PDF 1.7.4 Stored XSS Vulnerability Advisory
www.exploit-db.com · 2026-05-10

# WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross-Site Scripting (XSS) ## Vulnerability Overview This vulnerability exists in version 1.7.4 of the WordPress plugin "Videos sync PDF". Due to the …

CVSS 6.1
uBidAuction 2.0.1 Reflected XSS in tickets/manage via date parameters
www.vulncheck.com · 2026-05-10

# uBidAuction 2.0.1 tickets manage Reflected XSS ## Vulnerability Overview A Reflected Cross-Site Scripting (XSS) vulnerability exists in the `tickets/manage` module of uBidAuction 2.0.1. Due to insuf…

CVSS 6.4
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 Stored XSS Vulnerability with PoC
www.exploit-db.com · 2026-05-10

# Stored Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin Motopress Hotel Booking Lite 4.2.4 ## Vulnerability Overview This vulnerability exists in version 4.2.4 of the WordPress plugin Mo…

CVSS 8.8
Aero CMS v0.0.1 PHP Code Injection Vulnerability Advisory with POC
www.exploit-db.com · 2026-05-10

# Aero CMS v0.0.1 PHP Code Injection Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Aero CMS v0.0.1 - PHP Code Injection (auth) - **EDB-ID**: 51085 - **Author**: Hubert Wojc…

CVSS 5.3
Canias ERP Pre-Auth Authentication Bypass Vulnerability Summary and POC
gist.github.com · 2026-05-10

# Canias ERP Authentication Bypass Vulnerability Summary ## Vulnerability Overview The Canias ERP system contains an authentication bypass vulnerability. Attackers can exploit a logic flaw in the syst…

CVSS 5.3
Canas ERP GETSERVERINFO Pre-Auth Information Disclosure POC
gist.github.com · 2026-05-10

# Canas ERP GETSERVERINFO Pre-Authentication Vulnerability ## Vulnerability Overview The Canas ERP system contains a pre-authentication vulnerability that allows attackers to retrieve sensitive server…

CVSS 2.9
libexpat Attribute Collision DoS CVE-REQUESTed with POC
github.com · 2026-05-10

# CVE-REQUESTED: Prevent Denial of Service (DoS) Due to Attribute Collision Check #1216 ## Vulnerability Overview This vulnerability involves the attribute collision check mechanism in the `libexpat` …

CVSS 5.5
MiniClaw Command Injection Vulnerability Fix and POC Verification
github.com · 2026-05-10

# Vulnerability Summary ## Overview **Vulnerability Type**: Command Injection **Description**: In the `MiniClaw` project, command-line arguments are not properly escaped when executing skill scripts, …

CVSS 8.8
ipTIME A8004T Buffer Overflow RCE Vulnerability in WifiBasicSet
github.com · 2026-05-10

# ipTIME Router A8004T 14.18.2 Buffer Overflow in /goform/WifiBasicSet ## Vulnerability Overview * **Vulnerability Type**: Buffer Overflow * **Affected Product**: ipTIME Router A8004T (Firmware Versio…

CVSS 5.3
WordPress Logitivity Unauthenticated Information Disclosure via REST API
www.wordfence.com · 2026-05-10

### Vulnerability Overview - **Vulnerability Name**: Activity Logs, User Activity Tracking, Multisite Activity Log from Logitivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API - **Vu…

PHP ext-dom CVE-2026-7253 DoS via DOMNode::C14N()
github.com · 2026-05-10

# DoS attack via DOMNode::C14N() ## Vulnerability Overview - **CVE ID**: CVE-2026-7253 - **GHSA ID**: GHSA-4jhr-8w89-7733 - **CVSS Score**: 8.2 / 10 (High) - **Description**: Incorrectly removing an `…

CVSS 6.3
SQL Injection Vulnerability in codeastro Online Catering Ordering System V1.0
github.com · 2026-05-10

# Vulnerability Summary: SQL Injection in codeastro Online Catering Ordering System V1.0 ## Vulnerability Overview * **Vulnerability Name**: SQL Injection in `/catering-orderphp/index.php` of codeastr…

NULL pointer dereference in PHP SOAP apache:Map decoder causing DoS
github.com · 2026-05-10

# NULL pointer dereference in SOAP apache:Map decoder with missing ## Vulnerability Overview When decoding an `apache:Map` node in `ext/soap/php_encoding.c`, the `` branch correctly checks for a missi…

PHP ext-soap Use-After-Free in Session-Persisted Objects (CVE-2025-7261)
github.com · 2026-05-10

# SoapServer session-persisted object use-after-free via SOAP header fault ## Vulnerability Overview This vulnerability affects PHP's `ext-soap` extension. When the `SOAP_PERSISTENCE_SESSION` flag is …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.