Security Intel Hub 27403+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.4
PyJWT Vulnerability: Algorithm Confusion via Mixed Family Support with HMAC/RSA
github.com · 2026-05-29

# Vulnerability Overview When a validator decodes a JSON Web Token (JWT), if it supports both asymmetric and HMAC algorithms, the library does not verify the proper usage of JSON Web Keys within the H…

CVSS 8.8
phpMyFAQ IDOR Privilege Escalation to SuperAdmin via API
github.com · 2026-05-29

### Vulnerability Overview phpMyFAQ contains an insecure direct object reference (IDOR) vulnerability, allowing any authenticated administrator to change the password of any account (including the Sup…

CVSS 3.7
PyJWKClient Unbound JWKS Endpoint Request DoS via Attacker-Controlled Kid
github.com · 2026-05-29

### Vulnerability Overview **PyJWKClient Unbounded JWKS Endpoint Requests via Attacker-Controlled `kid` Values (DoS)** - **Description**: When JWKS retrieval fails, an attacker can trigger unbounded J…

CVSS 4.2
PyJWTClient SSRF and Token Forgery via Missing Scheme Whitelist (CVE-2024-48522)
github.com · 2026-05-29

### Vulnerability Overview **PyJWTClient: Missing scheme whitelist leads to CVE-2024-21643-like SSRF + token forgery via `file://`, `ftp://`, `data:` schemes** - **Vulnerability Description**: PyJWTCl…

CVSS 7.5
phpMyFAQ <= 4.1.2 API Empty Token Auth Bypass Vulnerability
github.com · 2026-05-29

### Vulnerability Overview **Vulnerability Name**: Default Empty API Token Authentication Bypass **Vulnerability Description**: In phpMyFAQ versions 4.1.2 and earlier, the default configuration contai…

CVSS 8.2
phpMyFAQ API Auth Bypass RCE via Password Reset (PoC Included)
github.com · 2026-05-29

### Vulnerability Overview **Vulnerability Name**: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration **Description**: There is an authentication bypass vulnerability …

CVSS 7.5
phpMyFAQ < 4.1.3 Authentication Bypass via Empty x-pmf-token (CVE-2026-35672)
www.vulncheck.com · 2026-05-29

### Vulnerability Overview Version 4.0 of phpMyFAQ contains an authentication bypass vulnerability. Attackers can bypass token validation by sending an empty `x-pmf-token` header and inject malicious …

Legacy Route Path Traversal RCE in esm.sh (CVE-2026-4593)
github.com · 2026-05-29

### Vulnerability Overview **Vulnerability Name**: Legacy Route Path Traversal Can Lead to RCE **CVE ID**: CVE-2026-4593 **Severity**: Critical **Published**: 3 weeks ago **Affected Versions**: < v137…

CVSS 8.2
phpMyFAQ Unauthenticated Password Reset & User Enumeration via Reset Endpoint
github.com · 2026-05-29

### Vulnerability Overview **Title**: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation **Description**: Upon reviewing `phpMyFAQ-main…

CVSS 7.5
LFI via esbuild package.json browser field allowing arbitrary file read
github.com · 2026-05-29

### Vulnerability Overview **Title**: Path Traversal via package.json browser field allows reading arbitrary server files **Description**: - **Vulnerability Type**: Local File Inclusion (LFI) - **Affe…

CVSS 5.3
Geo Mashup <= 1.13.19 Missing Authorization to Unauthenticated Plugin Settings Disclosure (CVE-2026-7552)
www.wordfence.com · 2026-05-29

### Vulnerability Overview - **Vulnerability Name**: Geo Mashup <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure via 'geo_mashup_content' Parameter - **CVE ID**: CVE-20…

Windows Zero-Click NTLMv2 Hash Capture via LNK File (CVE-2026-32202) and POC
www.exploit-db.com · 2026-05-29

### Vulnerability Overview - **Vulnerability Name**: Microsoft - NTLMv2 Hash Capture - **EDB-ID**: 52601 - **CVE**: 2026-32202 - **Author**: nullsecurity - **Type**: Remote - **Platform**: Windows - *…

MikroORM SQL Injection Vulnerability Advisory (CVE-2026-44680) with POC
www.exploit-db.com · 2026-05-29

### Vulnerability Overview - **Vulnerability Name**: MikroORM 7.0.13 - SQL Injection - **EDB-ID**: 52600 - **CVE**: 2026-44680 - **Author**: CARDOSOURCE - **Type**: WEBAPPS - **Platform**: MULTIPLE - …

Prodigy Commerce <=3.2.9 LFI Vulnerability (CVE-2026-0926)
www.exploit-db.com · 2026-05-29

### Vulnerability Overview **Vulnerability Name**: Prodigy Commerce 3.3.0 - Local File Inclusion **EDB-ID**: 52598 **CVE**: CVE-2026-0926 **Author**: DIAMORPHINE **Type**: WEBAPPS **Platform**: MULTIP…

Langflow 1.3.0 Pre-Auth Remote Code Execution via exec_globals (CVE-2026-0770)
www.exploit-db.com · 2026-05-29

### Vulnerability Overview A Remote Code Execution (RCE) vulnerability exists in Langflow 1.3.0. This vulnerability arises because the `exec_globals` parameter in the `validate` endpoint includes func…

Quick Playground for WordPress 1.3.1 Unauthenticated RCE via REST API Upload
www.exploit-db.com · 2026-05-29

### Vulnerability Overview **Vulnerability Name**: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution **EDB-ID**: 52596 **CVE**: CVE-2026-1830 **Release Date**: 2026-05-29 **…

ImageMagick MIFF Decoder Infinite Loop CPU Exhaustion DoS (CVE-2026-46522)
www.exploit-db.com · 2026-05-29

# ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion ## Vulnerability Overview An infinite loop in ImageMagick's MIFF decoder can lead to CPU exhaustion. ## Impact Scope - **Pl…

ZTE Routers Unauthenticated DoS Vulnerability (CVE-2026-34473)
www.exploit-db.com · 2026-05-29

### Vulnerability Overview - **Vulnerability Title**: ZTE Routers - Unauthenticated Denial of Service - **EDB-ID**: 52994 - **CVE**: CVE-2026-34473 - **Author**: Mina Nageh Salama - **Type**: LOCAL - …

ZTE ZXHN H188A V6 Authentication Bypass and Credential Disclosure (CVE-2026-34472)
www.exploit-db.com · 2026-05-29

### Vulnerability Overview - **Vulnerability Name**: ZTE ZXHN H188A V6 - Authentication Bypass - **EDB-ID**: 52593 - **CVE**: 2026-34472 - **Author**: Mina Nageh Salama (Monx Research) - **Type**: LOC…

ZTE Routers Unauthenticated Sensitive Data Exposure via HTTP GET (CVE-2026-34474)
www.exploit-db.com · 2026-05-29

# ZTE H298A / H108N - Unauthenticated Credential Exposure ## Vulnerability Overview - **EDB-ID**: 52592 - **CVE**: 2026-34474 - **Author**: Mina Nageh Salama (Monx Research) - **Type**: LOCAL - **Plat…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
