Security Intel Hub 26046+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 8.8
OpenHarmony April 2026 Security Advisory: Multiple CVEs in web_webview, Kernel, and third-party libraries
gitcode.com · 2026-05-22

# April 2026 Security Vulnerability Summary ## Vulnerability Overview During the OpenHarmony 5.0 phase, security vulnerability maintenance is currently primarily focused on the **OpenHarmony-5.0.3-Rel…

CVSS 8.4
OpenHarmony 5.0-6.0 Security Vulnerability Summary and Patch Advisory
gitcode.com · 2026-05-22

# May 2026 Security Vulnerability Summary ## Vulnerability Overview This page lists the CVE vulnerability list primarily maintained for the **OpenHarmony-5.0.3-Release** branch within the **OpenHarmon…

Medical Management System Unauthorized Password Reset via @IgnoreAuth Annotation
gitee.com · 2026-05-22

# Medical Management System Unauthorized Password Reset Vulnerability Summary ## Vulnerability Overview The medical management system contains an unauthorized password reset vulnerability. Attackers c…

CVSS 7.3
Beetl SpELFunction Expression Injection Vulnerability Analysis
gitee.com · 2026-05-22

# Vulnerability in Beetl's SpELFunction When Enabled: Expression Injection Risk ### Vulnerability Overview * **Vulnerability Type**: CWE-917 (Expression Language Injection) * **Vulnerability Descripti…

CVSS 8.5
GHSA SSRF via Cluster Proxy Middleware in nginx-ui Allows Access to Internal Services
github.com · 2026-05-22

# Vulnerability Summary: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware ## Vulnerability Overview - **Vulnerability Name**: Server-Side Request Forgery (SSRF) via Cluster Proxy Middle…

CVSS 7.5
NerdBank.MessagePack Multiple CVEs Vulnerability Fix and Security Analysis
github.com · 2026-05-22

# NerdBank.MessagePack Vulnerability Fix Summary ## Vulnerability Overview This Pull Request addresses multiple security vulnerabilities in the MessagePack library, primarily involving flaws in input …

CVSS 7.5
NerdBank.MessagePack Input Parsing Vulnerability Fix in v1.1.62
github.com · 2026-05-22

# NerdBank.MessagePack Vulnerability Summary ## Vulnerability Overview An input parsing issue was discovered in the `NerdBank.MessagePack` library, which could lead to other correctness issues. This v…

XSS Vulnerability in Template::Plugin::HTML due to improper single quote escaping
github.com · 2026-05-22

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves the improper escaping of single quotes in an HTML filter, leading to the creation of an XSS (Cross-Site Scripting) risk. S…

CVSS 8.2
open-webSearch fetchWebContent SSRF Vulnerability Analysis (CVE-style)
github.com · 2026-05-22

# Vulnerability Summary: open-webSearch `fetchWebContent` MCP Tool SSRF Vulnerability ## Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the `fetchWebContent` MCP t…

CVSS 7.5
CVE-2026-44375: Stack Overflow DoS in Nerdbank.MessagePack DateTime Decoding
github.com · 2026-05-22

# Vulnerability Overview **Title**: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException **Severity**: High (CVSS v3 base metrics: 7.5 / 10) **CVE ID**…

CVSS 8.8
OpenImageIO DPX Decoder Integer Overflow Vulnerability Analysis
github.com · 2026-05-22

# Vulnerability Summary: OpenImageIO DPX 4:2:2 Decoder Heap Overflow Vulnerability ## Vulnerability Overview In the `ConvertCbYCrYToRGB` function, the pixel index expression `i * 3` is at risk of a 32…

CVSS 8.3
Integer Overflow Heap OOB Write in OpenImageIO DPX Decoder
github.com · 2026-05-22

### Vulnerability Overview **Vulnerability Name**: Integer overflow in QueryRGBBufferSizeInternal leads to heap out-of-bounds write in DPX decoder (kCbYCr and kABGR) **Description**: - This vulnerabil…

OpenImageIO HEIF Decoder Heap Overflow Vulnerability Analysis (CVE-2026-4306)
github.com · 2026-05-22

# OpenImageIO HEIF Heap Overflow Vulnerability Summary ## Vulnerability Overview A heap-based buffer overflow vulnerability exists in the HEIF decoder of OpenImageIO. Due to a mismatch in subimage met…

CVSS 8.8
OpenImageIO Signed Integer Overflow in SwapRGBABytes Leads to OOB R/W (CVE-2026-4309)
github.com · 2026-05-22

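# Vulnerability Overview **Title**: Signed integer overflow in SwapRGBABytes loop index leads to out-of-bounds read/write in DPX ABGR decoder **Description**: A signed 32-bit integer overflow exists in the loop index expression `i * 4` of the `SwapRGBABytes` function. The function is used to compute large pointer offsets,…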

CVSS 5.5
CVE-2025-4396: Integer wraparound in OpenImageIO TGA decoder causes OOB read
github.com · 2026-05-22

# Vulnerability Overview **Title**: Integer wraparound in bounds check of decode_pixel leads to out-of-bounds read in TGA paletted image decoder **Description**: In the TGA image decoder, the `decode_…

OpenImageIO SGI RLE Decoder Heap Buffer Overflow Vulnerability (GHSA-jg3q-vm3q-2j35)
github.com · 2026-05-22

# SGI RLE Decoder Heap Buffer Overflow Vulnerability (GHSA-jg3q-vm3q-2j35) ## Vulnerability Overview In OpenImageIO's SGI RLE decoder, the `OIIO_DASSERT` boundary check used in the RLE decoding loop i…

JPEG2000 (OpenJPH) CVE-2024-43905 Signed Integer Overflow Leading to Heap Overflow Analysis
github.com · 2026-05-22

# JPEG2000 (OpenJPH) Signed Integer Overflow Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation - **CVE ID**: CVE…

Faraday SSRF Vulnerability (CVE-2026-25765) Analysis and Fix
github.com · 2026-05-22

# Vulnerability Summary: Faraday SSRF Vulnerability (CVE-2026-25765) ## Vulnerability Overview A flaw exists in Faraday's `build_exclusive_url` method when handling protocol-relative URLs (e.g., `//ev…

CVSS 4.9
audiobookshelf Memory Amplification DoS via Backup Upload (CVE-2025-42885) Fix Guide
github.com · 2026-05-22

# Vulnerability Summary: Memory Amplification DoS in Audiobookshelf Backup Upload ## Vulnerability Overview **Title**: Memory amplification DoS via oversized compressed details entry in backup upload …

CVSS 9.9
Rancher Fleet Helm Impersonation Bypass Information Disclosure (CVE-2026-41050)
github.com · 2026-05-22

# Vulnerability Overview - **Title**: Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering - **CVE ID**: CVE-2026-41050 - **Severity**: Critical (9.…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
