Security Intel Hub 25102+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.7
GitHub CLI exec approvals security policy bypass fix
github.com · 2026-04-29

# GitHub Security Vulnerability Summary ## Vulnerability Overview **Vulnerability Title**: Exec approvals: reject shell init-file script matches (#58369) **Vulnerability Type**: Security policy bypass…

CVSS 5.4
OpenClaw BOLA Vulnerability (CVE-2024-45678) with POC
github.com · 2026-04-29

# Vulnerability Summary ## Overview The OpenClaw platform has an **insecure direct object reference vulnerability** (CVE-2024-45678). An attacker can bypass the permission verification mechanism by cr…

CVSS 9.4
Carlson VASCO-B GNSS Receiver Missing Authentication Vulnerability (CVE-2026-3893)
github.com · 2026-04-29

# Vulnerability Information Summary ## Vulnerability Overview - **CVE ID**: CVE-2026-3893 - **CVSS Score**: 9.4 (CRITICAL) - **Vulnerability Description**: The Carlson VASCO-B GNSS Receiver lacks an a…

CVSS 5.6
O2OA NodeAgent Unauthenticated RCE via Weak Auth
github.com · 2026-04-29

# [Security] RCE in NodeAgent due to a fixed-prefix weak authentication mechanism (o2oa ` requests and queues them for execution. 5. The command scheduler includes `restart` as an accepted command, wh…

CVSS 4.7
Pizzafy Ecommerce System 1.0 SQL Injection Vulnerability Analysis
github.com · 2026-04-29

# Pizzafy Ecommerce System 1.0 SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Error-Based SQL Injection * **Affected Version**: Pizzafy Ecommerce System 1.0 * …

CVSS 9.4
CVE-2026-3893: Carlson VASCO-B GNSS Receiver Missing Authentication for Critical Function
www.cve.org · 2026-04-29

# CVE-2026-3893 Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2026-3893 * **Vulnerability Title**: Carlson Software VASCO-B GNSS Receiver Missing Authentication for Criti…

HTMLy v3.1.1 Stored XSS Leading to Admin Takeover (CVE-2026-38949)
github.com · 2026-04-29

# CVE-2026-38949 Summary ## Vulnerability Overview - **Vulnerability Name**: Stored Cross-Site Scripting (Stored XSS) vulnerability in HTMLy v3.1.1 leading to administrator account takeover. - **Vulne…

CVSS 6.3
Jeecg Boot <= v3.9.1 SQL Injection Vulnerability and POC
github.com · 2026-04-29

# Jeecg Boot SQL Injection Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: #9491 * **Vulnerability Type**: SQL Injection (SQLi) * **Affected Versions**: Jeecg Boot <= v3.9.1 * …

CVSS 6.3
JeecgBoot SQL Injection Vulnerability Fix Details
github.com · 2026-04-29

# JeecgBoot SQL Injection Vulnerability Summary ## Vulnerability Overview JeecgBoot contains an SQL injection vulnerability. Attackers can bypass the existing SQL injection filtering mechanism by cons…

CVSS 6.3
Authenticated SSRF in O2OA via Unrestricted File URL Fetching
github.com · 2026-04-29

# Vulnerability Summary: O2OA Authentication SSRF Vulnerability ## Vulnerability Overview **Title**: Authenticated SSRF in `/x_file_assemble_control/jaxrs/file/upload/with/url` via unrestricted fileUr…

WireGuard Web UI Host/Node Management Unauthenticated Access Fix
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves fixes to the host authorization function, specifically checking the validity of tokens. The fix aims to enhance system security and prevent unaut…

Netmaker v1.4.0 JWT Verification Bypass Vulnerability (CVE-2026-38651) Analysis
www.zyenra.com · 2026-04-29

### Vulnerability Overview **CVE-2026-38651: JWT Verification Bypass in Netmaker Allows Unauthenticated Access to Host Endpoints** Netmaker is an open-source WireGuard network management platform. In …

FUEL CMS 1.5.2 Stored XSS Leading to Admin Takeover (CVE-2026-38948)
github.com · 2026-04-29

# CVE-2026-38948 Vulnerability Summary ## Overview * **Vulnerability Name**: FUEL CMS 1.5.2 Stored Cross-Site Scripting (Stored XSS) Leading to Administrator Account Takeover * **CVE ID**: CVE-2026-38…

CVSS 5.3
Cista v0.15 Unsafe Deserialization Memory Address Leak
gist.github.com · 2026-04-29

# Vulnerability Summary: Cista v0.15 Deserialization Memory Address Leak ## Vulnerability Overview In Cista v0.15 and earlier versions, there is an insecure deserialization issue. When deserializing u…

Netmaker v1.4.0 JWT Verification Bypass Vulnerability (CVE-2026-38651) Analysis and POC
www.zyenra.com · 2026-04-29

# CVE-2026-38651: Netmaker JWT Verification Bypass Vulnerability Summary ## Vulnerability Overview Netmaker v1.4.0 has a flaw in its JWT verification logic. The `VerifyHostToken` function only checks …

HPX v1.11.0 Unsafe Deserialization Type Confusion Leading to RCE
gist.github.com · 2026-04-29

# Vulnerability Summary: HPX v1.11.0 Deserialization Type Confusion ## Vulnerability Overview An unsafe deserialization vulnerability was discovered in HPX v1.11.0 and earlier versions. Due to insuffi…

CVSS 8.8
D-Link DIR-825m v1.1.12 Buffer Overflow in /boafrm/formVpnConf1gSetup
github.com · 2026-04-29

# D-Link DIR-825m v1.1.12 Buffer Overflow Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: D-Link Router DIR-825m v1.1.12 - Buffer Overflow in /boafrm/formVpnConf1gSetup * **V…

CVSS 4.7
Pre-Auth SQL Injection in Pharmacy Sales and Inventory System V1.0
github.com · 2026-04-29

# Vulnerability Summary: SQL Injection in Pharmacy Sales and Inventory System V1.0 ## Vulnerability Overview * **Affected Product**: Pharmacy Sales and Inventory System V1.0 * **Vulnerability Type**: …

CVE-2025-67223: Aranda Service Desk Information Disclosure Vulnerability with PoC
github.com · 2026-04-29

# CVE-2025-67223: Aranda Service Desk Access Control Error and Information Disclosure ## Vulnerability Overview A critical vulnerability was discovered in the file management module of Aranda Service …

CVSS 8.8
D-Link DIR-825m v1.1.12 Buffer Overflow in /boafrm/formWanConfig1gSetup
github.com · 2026-04-29

# D-Link DIR-825m v1.1.12 Buffer Overflow Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Buffer Overflow in /boafrm/formWanConfig1gSetup * **Vulnerability Type**: Buffer Ove…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
