
Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
OpenTelemetry Java W3C/OT/JaegerBaggagePropagator Missing Baggage Limits Vulnerability (GHSA-rcgp-9c38-7xpc)
github.com · 2026-05-29

In version 1.62.0 of the `open-telemetry/opentelemetry-java` repository, there is a vulnerability related to baggage entries. Specifically, the `io.opentelemetry.api.baggage…

Calico 3.31 Fix: Information Disclosure via Logging Client Config Secrets
github.com · 2026-05-29

Sensitive information is written to the log: specifically, the complete client configuration (`cfg.Spec`), which may contain sensitive dat…

Calicoctl Client Logs Sensitive Config Info (K8sAPIToken/etcd) - Fix Details
github.com · 2026-05-29

The `calicoctl` client logs sensitive configuration information upon startup. Specifically, when `calicoctl` starts, it logs the client config…

Calico v3.32.0 calicoctl Creds Leakage via Log Fix
github.com · 2026-05-29

The `calicoctl` client manager logs the raw client configuration upon startup, which includes…

CVSS 4.3
CVE-2024-47875: Hono Cookie Set-Cookie Injection via sameSite/priority
github.com · 2026-05-29

- **Vulnerability Name**: Cookie helper does not sanitize `sameSite` and `priority`, allowing Set-Cookie injection
- **Description**: In `hono/cookie`, the `serialize()` functio…

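The mechanism behind this class of bug is easiest to see in code. The following is an added example, not Hono's own `serialize()` implementation: a minimal Set-Cookie serializer that copies caller-supplied `sameSite` and `priority` values into the header verbatim, next to a hardened form that only emits the attribute tokens the Set-Cookie grammar defines. Function names, the allowed-token lists and the injected sample value are ours.

```javascript
// Added example, not Hono's code. Demonstrates Set-Cookie attribute injection
// through unvalidated sameSite / priority option values, and the fix.

const SAME_SITE_VALUES = ['Strict', 'Lax', 'None'];
const PRIORITY_VALUES = ['Low', 'Medium', 'High'];

// Map a caller-supplied value onto one canonical token, case-insensitively;
// returns null for anything outside the allowed set.
function canonical(input, allowed) {
  const wanted = String(input).toLowerCase();
  const found = allowed.find(t => t.toLowerCase() === wanted);
  return found === undefined ? null : found;
}

// Vulnerable form: a value such as "Lax; Domain=attacker.example" is written
// into the header unchanged, so the ';' separator lets the caller append
// arbitrary attributes (Domain, Max-Age, Path, ...).
function serializeUnsafe(name, value, opt = {}) {
  let out = `${name}=${encodeURIComponent(value)}`;
  if (opt.sameSite) out += `; SameSite=${opt.sameSite}`;
  if (opt.priority) out += `; Priority=${opt.priority}`;
  return out;
}

// Hardened form: values outside the allowed token sets are rejected rather
// than interpolated, and the canonical spelling is emitted.
function serializeSafe(name, value, opt = {}) {
  let out = `${name}=${encodeURIComponent(value)}`;
  if (opt.sameSite !== undefined) {
    const v = canonical(opt.sameSite, SAME_SITE_VALUES);
    if (v === null) throw new TypeError(`Invalid SameSite value: ${opt.sameSite}`);
    out += `; SameSite=${v}`;
  }
  if (opt.priority !== undefined) {
    const v = canonical(opt.priority, PRIORITY_VALUES);
    if (v === null) throw new TypeError(`Invalid Priority value: ${opt.priority}`);
    out += `; Priority=${v}`;
  }
  return out;
}

// Attribute names a browser would parse out of a Set-Cookie header value
// (everything after the first ';'); used to make the injection visible.
function attributeNames(header) {
  return header.split(';').slice(1).map(a => a.trim().split('=')[0].toLowerCase());
}

// True when the hardened serializer refuses the given options.
function safeRejects(name, value, opt) {
  try {
    serializeSafe(name, value, opt);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Constructed malicious input: a SameSite value that rides on the separator.
const INJECTED_SAMESITE = 'Lax; Domain=attacker.example; Max-Age=31536000';

// Usage: the unsafe serializer leaks two extra attributes, the safe one throws.
const leaked = attributeNames(serializeUnsafe('sid', 'abc', { sameSite: INJECTED_SAMESITE }));
console.log('unsafe attributes:', leaked);
console.log('safe rejects:', safeRejects('sid', 'abc', { sameSite: INJECTED_SAMESITE }));
```

The same check applies to any cookie attribute whose value is a closed set of tokens; free-form attributes such as `Domain` and `Path` need a character-level check (no `;`, no control characters) instead of an allowlist.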
CVSS 4.8
hono/jwt Authorization Scheme Validation Bypass (CVE-2024-47873)
github.com · 2026-05-29

The JWT middleware accepts any `Authorization` scheme, not just `Bearer`. Affected versions:
- **Affected Versions**: `< 4.12.21`
- **Fixed Version**: `4.12.21`
- **Affec…

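To make the scheme check concrete, here is an added example that is not hono/jwt's own middleware: a lax token extractor that mirrors the flaw described above (the scheme word is discarded, so `Basic`, `Token` or anything else is treated like `Bearer`) next to a strict one that requires the `Bearer` scheme as RFC 6750 defines it. The function names and the small request-handler stand-in are ours.

```javascript
// Added example, not hono/jwt's code. Shows why the Authorization scheme
// must be checked, not just split off.

// Lax: splits on whitespace and returns whatever follows the first word,
// so "Basic <b64>" or "Token <x>" are accepted as if they were bearer tokens.
function extractTokenLax(headerValue) {
  if (!headerValue) return null;
  const parts = headerValue.trim().split(/\s+/);
  return parts.length === 2 ? parts[1] : null; // scheme ignored
}

// Strict: RFC 6750 "Bearer" scheme (scheme names are case-insensitive per
// RFC 7235), followed by a b64token; anything else yields no token.
const BEARER_RE = /^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$/i;

function extractTokenStrict(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = BEARER_RE.exec(headerValue.trim());
  return m ? m[1] : null;
}

// Minimal handler stand-in: 401 with a WWW-Authenticate challenge when no
// acceptable credential is present, otherwise hand the token to verification.
function authorize(headers, extract) {
  const token = extract(headers['authorization']);
  if (token === null) {
    return { status: 401, headers: { 'WWW-Authenticate': 'Bearer' } };
  }
  return { status: 200, token };
}

// Usage with a constructed request: the lax extractor treats Basic
// credentials as a JWT and passes them on to signature verification.
const basicHeader = { authorization: 'Basic dXNlcjpwYXNz' };
console.log('lax   :', authorize(basicHeader, extractTokenLax));
console.log('strict:', authorize(basicHeader, extractTokenStrict));
```

Rejecting the wrong scheme early matters beyond tidiness: a Basic credential or API key handed to the JWT verifier produces a misleading "invalid token" path, and any fallback logic there now sees secrets that were never meant for it.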
CVSS 8.6
Zed IDE Arbitrary Command Execution via Malicious .git/config (fsmonitor) RCE
github.com · 2026-05-29

When opening a repository containing a malicious `.git/config` file, Zed IDE executes arbitrary commands. This vulnerability exploits Git's `core.fsmonitor` configuration op…

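A practical defensive check for this pattern is to inspect a cloned repository's `.git/config` before any tool that shells out to Git opens it. The following is an added example, not Zed's or Git's code: a small parser for the subset of Git's config syntax that matters here (sections, quoted subsections, `key = value`, `#`/`;` comments) and a function that reports `core.fsmonitor` values Git would treat as a hook command rather than as a boolean switch. The sample config is constructed for the example.

```javascript
// Added example, not Zed's or Git's code. Flags core.fsmonitor entries whose
// value is a command rather than a Git boolean. Git accepts true/yes/on/1 and
// false/no/off/0 (and a bare key) as booleans; any other value is taken as a
// hook command to execute. The parser covers a deliberate subset of Git's
// config syntax.

function parseGitConfig(text) {
  const entries = []; // [{ key: 'section[.subsection].name', value: '...' }]
  let section = '';
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line[0] === '#' || line[0] === ';') continue;

    // [section] or [section "subsection"]; section names are
    // case-insensitive, subsection names are not.
    const sec = /^\[([^\s"\]]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$/.exec(line);
    if (sec) {
      section = sec[1].toLowerCase() + (sec[2] !== undefined ? '.' + sec[2] : '');
      continue;
    }

    // name, or name = value; a bare name means boolean true.
    const kv = /^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$/.exec(line);
    if (!kv) continue;
    let value = kv[2] === undefined ? 'true' : kv[2].trim();
    if (value.startsWith('"')) {
      // Quoted value: keep everything up to the closing quote.
      const end = value.indexOf('"', 1);
      value = end > 0 ? value.slice(1, end) : value.slice(1);
    } else {
      // Unquoted: '#' or ';' starts a trailing comment.
      value = value.replace(/\s*[#;].*$/, '').trim();
    }
    entries.push({ key: `${section}.${kv[1].toLowerCase()}`, value });
  }
  return entries;
}

const GIT_TRUE = new Set(['true', 'yes', 'on', '1']);
const GIT_FALSE = new Set(['false', 'no', 'off', '0', '']);

function isGitBoolean(v) {
  const l = v.toLowerCase();
  return GIT_TRUE.has(l) || GIT_FALSE.has(l);
}

// Returns every core.fsmonitor value that Git would run as a command.
function findFsmonitorCommands(configText) {
  return parseGitConfig(configText)
    .filter(e => e.key === 'core.fsmonitor' && !isGitBoolean(e.value))
    .map(e => e.value);
}

// Constructed sample: what a malicious repository's .git/config might carry.
const SAMPLE_CONFIG = `
[core]
\trepositoryformatversion = 0
\tfilemode = true
\tfsmonitor = /tmp/evil.sh
[remote "origin"]
\turl = https://example.invalid/repo.git
`;

// Usage: refuse to open (or warn) when any command is reported.
const hooks = findFsmonitorCommands(SAMPLE_CONFIG);
console.log(hooks.length ? `refusing: core.fsmonitor = ${hooks.join(', ')}` : 'no fsmonitor hook');
```

In a real pre-open check you would read `.git/config` from disk and also consider the other config keys Git evaluates as commands, but the point of the example is the decision rule: a `core.fsmonitor` value that is not a Git boolean is something Git will execute on behalf of whoever cloned the repository.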
CVSS 6.4
Zed Editor Bash Variable Expansion Bypass Leading to RCE
github.com · 2026-05-29

- **Vulnerability Name**: Allowlist Bypass via Bash Variable Expansion Chain in Terminal Tool Permissions
- **Description**: Zed's terminal tool permission system can be bypasse…

CloudNative-PG Metrics Exporter Privilege Escalation to OS RCE
github.com · 2026-05-29

- **Vulnerability Name**: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
- **Description**: The CloudNative-PG metrics exporter establishes a co…

CVSS 8.7
CVE-2025-44543: local-path-storage Template Injection Vulnerability and POC
github.com · 2026-05-29

- **Vulnerability Name**: HelperPod Template Injection
- **CVE ID**: CVE-2025-44543
- **CVSS v3 Base Metrics**:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privilege…

TP-Link Archer C64 Improper Authentication Rate Limiting Vulnerability (CVE-2026-8697)
www.tp-link.com · 2026-05-29

- **Vulnerability Name**: Improper Authentication Rate Limiting on Archer C64 (CVE-2026-8697)
- **Description**: Due to the lack of rate limiting on authentication attempts,…

TP-Link Archer C64 V1 Firmware Update - Fixes Mesh Access Control Bypass
www.tp-link.com · 2026-05-29

This page primarily provides firmware update information for the TP-Link Archer C64 V1 router and does not explicitly mention specific vulnerabilities. However, firmware upd…

CVSS 8.7
TinyMCE Media Plugin XSS Vulnerability via data-mce-object Attribute
github.com · 2026-05-29

A cross-site scripting (XSS) vulnerability exists in the TinyMCE media plugin, allowing attackers to inject malicious scripts by crafting the `data-mce-object` attribute. Th…

Linux Kernel GCM Module gcm_decrypt_verify ct_len=0 Output Buffer Overflow Analysis
github.com · 2026-05-29

This vulnerability involves the `gcm` encryption module within the Linux kernel, specifically in the `crypto/AuthEnc_GCM.c` file. The issue lies in the `gcm_decrypt_verify` …

Python Liquid Absolute Path Arbitrary File Read Vulnerability (CVE-2026-45017)
github.com · 2026-05-29

- **Vulnerability Name**: Absolute paths escape filesystem loader search path
- **CVE ID**: CVE-2026-45017
- **Severity**: High
- **Description**: In `FilesystemLoader` and …

CVSS 8.7
CVE-2022-2133: TinyMCE html Plugin Cross-Site Scripting Vulnerability with POC
www.tiny.cloud · 2026-05-29

TinyMCE is a popular rich text editor used by many websites for content creation and editing. CVE-2022-2133 is a cross-site scripting (XSS) vulnerability pres…

CVSS 8.7
TinyMCE XSS via unvalidated data-mce-* attributes (CVE-2026-47759)
github.com · 2026-05-29

TinyMCE is affected by a cross-site scripting (XSS) vulnerability. Attackers can inject malicious values into unverified `data-mce-*` attributes (such as `data-mce-href`, `d…

CVSS 8.7
TinyMCE Cross-Site Scripting Vulnerability via mce:protected (CVE-2024-47762)
github.com · 2026-05-29

TinyMCE contains a cross-site scripting (XSS) vulnerability triggered via the `mce:protected` comment. Attackers can exploit this vulnerability to bypass sanitization during…

CVSS 5.3
Unauthenticated DoS in PyJWT via unbounded Base64URL decoding in detached JWS
github.com · 2026-05-29

- **Title**: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in `b64=false` detached JWS
- **Description**: When validating an unauthenticated pay…

CVSS 5.4
PyJWT Algorithm Allowlist Bypass via PyJWK Object (PoC Included)
github.com · 2026-05-29

In PyJWT versions 2.12.1 and earlier, when decoding a JWT using the `jwt.decode()` or `jwt.decode_complete()` methods, an algorithm allowlist bypass vulnerability exists if …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
