
Security Intel Hub 25264+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Gibbon v30.0.00 SQLi/LFI/RCE Vulnerabilities and POC Code
projectblack.io · 2026-05-09

# Gibbon v30.0.00 Vulnerability Summary ## Vulnerability Overview Gibbon School Management Software (v30.0.00) contains several security vulnerabilities, including: - **SQL Injection**: Malicious SQL …

Premium intel
CVSS 7.5
Lix Daemon Integer Overflow Vulnerability (CVE-2026-44028) Analysis and POC
lix.systems · 2026-05-09

# Vulnerability Summary: Lix Integer Overflow Vulnerability (CVE-2026-44028) ## Vulnerability Overview * **Vulnerability Type**: Integer Overflow * **CVE ID**: CVE-2026-44028 * **Release Date**: May 5…

Gibbon v30.0.00 Authenticated SQL Injection and LFI to RCE Vulnerability Analysis
projectblack.io · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: Gibbon v30.0.00: Authenticated SQL Injection and RCE - **Vulnerability Types**: SQL Injection, Local File Inclusion (LFI), Denial of Service (DoS) …

CVSS 6.4
WordPress E2Pdf Authenticated Stored XSS Vulnerability Advisory
www.wordfence.com · 2026-05-09

# E2Pdf – Export Pdf Tool for WordPress Stored XSS Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: E2Pdf – Export Pdf Tool for WordPress <= 1.32.17 - Authenticated (Contribut…

Linkwarden Stored XSS via Client-Side Archive Upload
github.com · 2026-05-09

# Vulnerability Summary: Stored XSS via Client-Side Archive Upload ## Overview - **Vulnerability Type**: Stored Cross-Site Scripting (Stored XSS) - **Root Cause**: The archive upload endpoint of `link…

Premium intel
CVSS 9.1
LinkWarden SSRF Vulnerability: Cloud Metadata Credential Theft
github.com · 2026-05-09

# Vulnerability Summary: LinkWarden SSRF Vulnerability ## Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) * **Vulnerable Component**: `fetchTitleAndHeaders` function * **Descript…

pupnp CVE-2026-6582 SSRF via Port Truncation in parse_uri
github.com · 2026-05-09

# CVE-2026-6582 (CWE-195) Vulnerability Summary ## Vulnerability Overview **Title**: Port truncation via `atoi()` cast in `parse_uri()` allows SSRF port confusion **Description**: A port truncation vu…

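The pupnp entry above names the bug class but not the arithmetic. The following is an added illustration of CWE-195 port truncation, written for this page and not taken from pupnp's `parse_uri()`: a port string is parsed with `atoi()` and narrowed to a 16-bit field, so out-of-range values wrap modulo 65536 (the names `port_truncating` and `port_strict` are this example's own, and the hardened variant is one reasonable fix, not the project's patch).

```c
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>

/* Vulnerable pattern (illustrative, not pupnp's code): atoi() returns an int,
 * the caller stores it in a 16-bit port field. Values above 65535 wrap
 * modulo 65536 and negative values are reinterpreted, so a filter that
 * reasons about the int and a connect() that uses the short disagree:
 *   "65616" -> 80, "131152" -> 80, "-1" -> 65535, "80abc" -> 80. */
unsigned short port_truncating(const char *s)
{
    return (unsigned short)atoi(s);
}

/* Hardened pattern: parse with strtol, require the string to start with a
 * digit and be fully consumed, and accept only 1..65535.
 * Returns the port on success and 0 (never a usable URI port) on rejection. */
int port_strict(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9')   /* rejects "", " 80", "+80", "-1" */
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0')      /* overflow or trailing junk */
        return 0;
    if (v < 1 || v > 65535)                   /* out of 16-bit port range */
        return 0;
    return (int)v;
}

int main(void)
{
    /* Constructed inputs, chosen to show where the two parsers disagree. */
    const char *samples[] = { "80", "65535", "65616", "131152", "-1", "80abc", "" };
    size_t i;

    printf("%-8s %-12s %-8s\n", "input", "truncating", "strict");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s %-12u %-8d\n", samples[i],
               port_truncating(samples[i]), port_strict(samples[i]));
    return 0;
}
```

The table the program prints makes the confusion concrete: every input that `port_strict` rejects is one that `port_truncating` silently maps onto a different, valid-looking port.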
pupnp release-1.18.5 fixes CVE-2026-41682 vulnerability
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-41682 - **Description**: Resolves a security vulnerability related to the upgrade of `softprops/action-gh-release` from version 2 to version…

Premium intel
CVSS 9.1
Sentry SSO Setup Identity Confusion Vulnerability Fix Analysis
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves an inconsistency between the IDP (Identity Provider) assertion email and the administrator identity linked within the authentication session duri…

Termix SSH Command Injection Vulnerability (CVE-2026-4253) Analysis and POC
github.com · 2026-05-09

# Vulnerability Summary: Termix-SSH Command Injection Vulnerability ## Vulnerability Overview A command injection vulnerability exists in the `extractArchive` and `compressFiles` endpoints due to the …

CVSS 8.1
TOTP Pending-Temp Token Allows Backup Code Regeneration and 2FA Bypass
github.com · 2026-05-09

### Vulnerability Overview **Vulnerability Name**: Pending-TOTP temporary token allows regeneration of backup codes, neutralizing TOTP **Vulnerability Description**: - On the `/users/login` endpoint, …

CVSS 4.3
anything-llm IDOR Vulnerability: Cross-User TTS Audio Disclosure
github.com · 2026-05-09

# Vulnerability Summary: Cross-User TTS Audio Disclosure via Chat ID (IDOR) ## Vulnerability Overview In the **Mintplex-Labs/anything-llm** project, an **Insecure Direct Object Reference (IDOR)** vuln…

CVSS 6.3
Grimmory Stored XSS via Malicious EPUB: Session Token Theft Analysis
github.com · 2026-05-09

# Stored XSS Vulnerability: Session Token Theft via Malicious EPUB ## Vulnerability Overview Grimmory's browser-based EPUB reader contains a stored Cross-Site Scripting (XSS) vulnerability. Attackers …

CVSS 6.6
Vim Heap Buffer Overflow in Spell File Loading (CVE-2026-4530)
github.com · 2026-05-09

# Vulnerability Summary: Heap Buffer Overflow in Vim Spell File Loading ## Vulnerability Overview - **Vulnerability Name**: Heap Buffer Overflow in spell file loading affects Vim When `todo` is suffic…

Premium intel
CVSS 9.9
Termix SSH OS Command Injection Vulnerability (CVE-2025-42454) Analysis
github.com · 2026-05-09

# Termix SSH OS Command Injection Vulnerability Summary ## Vulnerability Overview The Docker container management endpoint in Termix SSH is vulnerable to OS command injection. An attacker can execute …

CVSS 6.6
Vim spellfile.c Heap Buffer Overflow in read_compound
github.com · 2026-05-09

### Vulnerability Overview A heap buffer overflow exists in the `read_compound()` function in `spellfile.c`. It occurs when the size of the regular-expression pattern buffer is computed using signed integer arithmetic. When the attacker-controlled `SN_COMPOUND` section length exceeds 400000000 bytes and UTF-8 encoding is active, the multiplication wraps around to 27, so the per-byte loop writes more than 18 bytes per input byte and overflows the heap. ### Affected Scope - *…

Vim path option backtick command execution vulnerability fix
github.com · 2026-05-09

### Vulnerability Overview - **Vulnerability Name**: The `path` option in `vim/vim` may lead to command execution. - **Problem Description**: When backticks are included in the `path` option, shell co…

Vim < 9.2.0435 OS Command Injection via Path Completion
github.com · 2026-05-09

# OS Command Injection via 'path' completion affects Vim < 9.2.0435 ## Vulnerability Overview The `:find` command-line completion feature in Vim contains an OS command injection vulnerability. When th…

CVSS 7.1
CVE-2025-4142 Stripe Webhook Signature Bypass Leads to Infinite Credit Fraud
github.com · 2026-05-09

# Stripe Webhook Signature Bypass Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Infinite Quota Fraud via Stripe Webhook Signature Bypass **Severity**: High (7.1/10) **CVE ID*…

Premium intel
CVSS 10.0
Arbitrary Code Execution in Postiz-app GitHub Actions Workflow (CVE-2026-42298)
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability Name**: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev - **Vulnerability Type**: Arbitrary Co…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
