Security Intel Hub 25869+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 6.6
Unsafe Dynamic Class Instantiation in CtrlPanel-gg/panel Leading to Potential RCE (CVE-2026-3426)
github.com · 2026-05-22

# Vulnerability Summary: Unsafe Dynamic Class Instantiation in Admin Settings ## Vulnerability Overview **Title**: Unsafe Dynamic Class Instantiation in Admin Settings Allows Potential Remote Code Exe…

CVSS 6.5
CVE-2026-54233: Missing Authorization on Admin DataTable Endpoints
github.com · 2026-05-22

# Vulnerability Summary: Missing Authorization on Admin Datatable Endpoints ## Vulnerability Overview **Title**: Missing Authorization on Admin Datatable Endpoints Allows Unauthorized Access to Sensit…

Premium intel
CVSS 9.1
CubeCart v6 Smarty SSTI/RCE Vulnerability Fix (GHSA-wpjx-g989-qcg5)
github.com · 2026-05-22

### Vulnerability Overview - **Vulnerability Name**: GHSA-wpjx-g989-qcg5 - **Vulnerability Type**: SSTI/RCE (Server-Side Template Injection/Remote Code Execution) - **Vulnerability Description**: In C…

CVSS 8.1
Missing Authorization on Admin Write Endpoints Allows RBAC Bypass in CtrlPanel-gg/panel
github.com · 2026-05-22

# Vulnerability Summary: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass ## Vulnerability Overview This vulnerability exists in the `CtrlPanel-gg/panel` project. Multiple admin contr…

Premium intel
CVSS 9.1
Authenticated Arbitrary File Upload to RCE in CubeCart 6.x REST Files API
github.com · 2026-05-22

# Vulnerability Summary: Authenticated Arbitrary File Upload to RCE in REST Files API ## Vulnerability Overview - **Vulnerability Type**: Authenticated arbitrary file upload leading to Remote Code Exe…

Premium intel
CVSS 7.2
CubeCart Pre-Auth RCE: Unauthenticated Code Execution via Invoice Editor PHP Injection
github.com · 2026-05-22

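### Vulnerability Overview In CubeCart versions 6.6.x through 6.7.2, an administrator with `documents` edit permission can save raw PHP code containing `` to the Invoice Editor. When any user clicks the Print button on an order, the rendered template is written to `files/print-.php`. The `files/.htaccess` file allows all users to access `` files, so unauthenticated visitors can execute these…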

CVSS 7.2
CubeCart v6.x Authenticated Time-Based Blind SQL Injection Vulnerability and Exploitation
github.com · 2026-05-22

### Vulnerability Overview **Vulnerability Name**: Time-based Blind SQL Injection **Vulnerability Description**: An authenticated time-based blind SQL injection vulnerability has been discovered in th…

Premium intel
CVSS 8.1
CubeCart Pre-Auth Password Reset Link Poisoning via HTTP Host Header (CVE-2026-4505)
github.com · 2026-05-22

# Vulnerability Overview **Vulnerability Name**: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header **CVE ID**: CVE-2026-4505 **CVSS Score**: 8.1 / 10 (High) **Affected Versions**: C…

CVSS 6.1
CubeCart v6 Unauthenticated Reflected XSS Vulnerability Details
github.com · 2026-05-22

# Vulnerability Summary: CubeCart v6 Reflected XSS Vulnerability ## Vulnerability Overview An unauthenticated reflected XSS vulnerability exists in the CubeCart v6 store search bar. Due to a logic fla…

Premium intel
CVSS 9.1
SSTI in Smarty Templates leading to RCE (CVE-2026-6714)
github.com · 2026-05-22

### Vulnerability Overview - **Vulnerability Name**: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE - **Vulnerability Type**: Server-Side Template Injection (SSTI) - **Impact…

CVSS 4.8
CubeCart v6.x Stored XSS Vulnerability Analysis with PoC
github.com · 2026-05-22

# CubeCart v6.x.x Stored Cross-Site Scripting (XSS) Vulnerability Summary ## Vulnerability Overview CubeCart v6.x.x contains a stored cross-site scripting (XSS) vulnerability. An attacker with adminis…

Premium intel
CVSS 9.1
CubeCart Smarty SSTI to RCE via File Manager POC
github.com · 2026-05-22

# Smarty Template Injection (SSTI) Leading to Remote Code Execution (RCE) Vulnerability Summary ## Vulnerability Overview CubeCart v6 contains a Server-Side Template Injection (SSTI) vulnerability. Du…

CVSS 4.9
Authenticated SQL Injection in CubeCart v6 Admin Orders Listing (sort[])
github.com · 2026-05-22

# Vulnerability Summary: Authenticated SQL Injection via 'sort[]' Parameter in Admin Orders Transactions Listing ## Vulnerability Overview - **Vulnerability Type**: Authenticated SQL Injection - **Vul…

GHSA Advisory: @uiw/react-md-editor XSS Vulnerability Fix and Patch Details
github.com · 2026-05-22

### Vulnerability Overview - **Vulnerability Name**: `@uiw/react-md-editor` has an insecure default configuration, which may lead to a cross-site scripting (XSS) vulnerability. - **Vulnerability Descr…

Phoenix Storybook LiveView Unbounded Atom Creation DoS (PoC)
github.com · 2026-05-22

### Vulnerability Overview **Title**: Unbounded atom creation from LiveView event params (atom-table DoS) **Description**: An attacker can trigger a BEAM atom table overflow by sending specific LiveVi…

Cross-session PubSub Topic Injection in PhoenixStorybook (<1.1.0)
github.com · 2026-05-22

# Cross-Session PubSub Topic Injection Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Cross-Session PubSub Topic Injection via URL Parameters - **Description**: The `Phoenix…

EcclesiaCRM Incomplete Fix SQL Injection CVE-2026-44418 Analysis
github.com · 2026-05-22

# Vulnerability Summary: CVE-2026-35184 ## Vulnerability Overview **Title**: Incomplete fix for CVE-2026-35184: SQL Injection in philif67/ecclesiacrm **CVE ID**: CVE-2026-44418 **Severity**: High **De…

Premium intel
CVSS 8.2
PhotoStructure exittool Argument Injection via Newlines: CVE Analysis and Mitigation
github.com · 2026-05-22

# Vulnerability Summary: Argument injection via newline characters in tag names ## Vulnerability Overview In the `photostructure/exittool-vendored.js` project, the `exittool` utility, when operating i…

CVSS 7.5
PHPSpreadsheet CPU DoS via Unbounded Row Number in XLSX
github.com · 2026-05-22

# PHPSpreadsheet Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions - **Vulnerability Type**: Denial of Ser…

CVSS 7.5
PhpSpreadsheet Unbounded Row Index DoS in SpreadsheetML XML Reader CVE
github.com · 2026-05-22

### Vulnerability Overview **Vulnerability Name**: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader **Vulnerability Description**: The SpreadsheetML XML Reader (`Reader\Xml`) …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.